blob: 383641dfb72fa8132a415c6b15fd9d4bb13fad17 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 14 Jun 2018 11:20:09 +0200
Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after
timeout
If a connection simply times out instead of being torn down, it is left
active with a long timeout. Fix this by calling flow_offload_fixup_ct_state
here as well.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -268,6 +268,9 @@ static void flow_offload_del(struct nf_f
else if (flow->flags & FLOW_OFFLOAD_TEARDOWN)
flow_offload_fixup_ct_timeout(e->ct);
+ if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN))
+ flow_offload_fixup_ct_state(e->ct);
+
flow_offload_free(flow);
}
|