OpenWrt
/branches/18.06.1/target/linux/generic/backport-4.14/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch |
@@ -0,0 +1,24 @@ |
From: Felix Fietkau <nbd@nbd.name> |
Date: Thu, 14 Jun 2018 11:20:09 +0200 |
Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after |
timeout |
|
If a connection simply times out instead of being torn down, it is left |
active with a long timeout. Fix this by calling flow_offload_fixup_ct_state |
here as well. |
|
Signed-off-by: Felix Fietkau <nbd@nbd.name> |
--- |
|
--- a/net/netfilter/nf_flow_table_core.c |
+++ b/net/netfilter/nf_flow_table_core.c |
@@ -233,6 +233,9 @@ static void flow_offload_del(struct nf_f |
e = container_of(flow, struct flow_offload_entry, flow); |
clear_bit(IPS_OFFLOAD_BIT, &e->ct->status); |
|
+ if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN)) |
+ flow_offload_fixup_ct_state(e->ct); |
+ |
flow_offload_free(flow); |
} |
|