]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79e3a66) | patch
netfilter: nf_conncount: Fix garbage collection with zones
authorYi-Hung Wei <yihung.wei@gmail.com>
Tue, 12 Jun 2018 17:51:34 +0000 (10:51 -0700)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 12 Jun 2018 18:07:07 +0000 (20:07 +0200)
commit5046a7c4a37c8b88eb2cc75a421bcf34427ee039
tree2df27a0099a40362eebd1a1a6be182d52134a550tree | snapshot
parent79e3a66a3c84e9cdd82918e51c23d77775acdc78commit | diff
netfilter: nf_conncount: Fix garbage collection with zones

Currently, we use check_hlist() for garbage colleciton. However, we
use the ‘zone’ from the counted entry to query the existence of
existing entries in the hlist. This could be wrong when they are in
different zones, and this patch fixes this issue.

Fixes: 02b9b7d706e5 ("netfilter: xt_connlimit: honor conntrack zone if available")
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack_count.h diff | blob | history
net/netfilter/nf_conncount.c diff | blob | history
net/netfilter/nft_connlimit.c diff | blob | history
Linux Kernel Source Tree.