diff options
| author | Florian Westphal <fw@strlen.de> | 2021-07-18 18:36:00 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-08-04 12:23:45 +0200 |
| commit | 512fd52e2091560de66da26799b3f1ca7ca1d41b (patch) | |
| tree | f343f1f091d02037826bc789419f98b53f464b7b /net/netfilter | |
| parent | 672f6ea510391a85dfce3362ad5d832bce447c14 (diff) | |
| download | linux-stable-512fd52e2091560de66da26799b3f1ca7ca1d41b.tar.gz linux-stable-512fd52e2091560de66da26799b3f1ca7ca1d41b.tar.bz2 linux-stable-512fd52e2091560de66da26799b3f1ca7ca1d41b.zip | |
netfilter: conntrack: adjust stop timestamp to real expiry value
[ Upstream commit 30a56a2b881821625f79837d4d968c679852444e ]
In case the entry is evicted via garbage collection there is
delay between the timeout value and the eviction event.
This adjusts the stop value based on how much time has passed.
Fixes: b87a2f9199ea82 ("netfilter: conntrack: add gc worker to remove timed-out entries")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 1dceda3c0e75..c5590d36b775 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -630,8 +630,13 @@ bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report) return false; tstamp = nf_conn_tstamp_find(ct); - if (tstamp && tstamp->stop == 0) + if (tstamp) { + s32 timeout = ct->timeout - nfct_time_stamp; + tstamp->stop = ktime_get_real_ns(); + if (timeout < 0) + tstamp->stop -= jiffies_to_nsecs(-timeout); + } if (nf_conntrack_event_report(IPCT_DESTROY, ct, portid, report) < 0) { |