diff options
author | Florian Westphal <fw@strlen.de> | 2011-09-30 16:38:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-10-03 12:43:24 +0200 |
commit | 98d9ae841ad620045d653fb05764e4a899f42dbd (patch) | |
tree | 040d36bf3b350c16e6af847584fddc70272ccf9c | |
parent | b582ad8e961c78458005250ae28fdd7a25db55aa (diff) | |
download | linux-98d9ae841ad620045d653fb05764e4a899f42dbd.tar.gz linux-98d9ae841ad620045d653fb05764e4a899f42dbd.tar.bz2 linux-98d9ae841ad620045d653fb05764e4a899f42dbd.zip |
netfilter: nf_conntrack: fix event flooding in GRE protocol tracker
GRE connections cause ctnetlink event flood because the ASSURED event
is set for every packet received.
Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Tested-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/nf_conntrack_proto_gre.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index cf616e55ca41..d69facdd9a7a 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c @@ -241,8 +241,8 @@ static int gre_packet(struct nf_conn *ct, nf_ct_refresh_acct(ct, ctinfo, skb, ct->proto.gre.stream_timeout); /* Also, more likely to be important, and not a probe. */ - set_bit(IPS_ASSURED_BIT, &ct->status); - nf_conntrack_event_cache(IPCT_ASSURED, ct); + if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status)) + nf_conntrack_event_cache(IPCT_ASSURED, ct); } else nf_ct_refresh_acct(ct, ctinfo, skb, ct->proto.gre.timeout); |