netfilter: nf_flow_table: do not flow offload deleted conntrack entries - linux.git - dakr's fork of kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

diff options

author	Taehee Yoo <ap420073@gmail.com>	2019-04-30 22:56:14 +0900
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-05-06 15:15:09 +0200
commit	8cd2bc981c5335cacc432cba7666c2741c3e912f (patch)
tree	8de1f99a7e53dfc00f572dfb356ffa46b4be1ae0 /include
parent	b33c448c4f920d5399acea9ccbb508baec272f6f (diff)

netfilter: nf_flow_table: do not flow offload deleted conntrack entries

Conntrack entries can be deleted by the masquerade module. In that case, flow offload should be deleted too, but GC and data-path of flow offload do not check for conntrack status bits, hence flow offload entries will be removed only by the timeout. Update garbage collector and data-path to check for ct->status. If IPS_DYING_BIT is set, garbage collector removes flow offload entries and data-path routine ignores them. Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: