From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 14 Jun 2018 11:20:09 +0200
Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after
 timeout

If a connection simply times out instead of being torn down, it is left
active with a long timeout. Fix this by calling flow_offload_fixup_ct_state
here as well.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -243,6 +243,9 @@ static void flow_offload_del(struct nf_f
 	e = container_of(flow, struct flow_offload_entry, flow);
 	clear_bit(IPS_OFFLOAD_BIT, &e->ct->status);
 
+	if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN))
+		flow_offload_fixup_ct_state(e->ct);
+
 	flow_offload_free(flow);
 }