git.baikalelectronics.ru Git - kernel.git/commit

author	Yi-Hung Wei <yihung.wei@gmail.com>
	Tue, 12 Jun 2018 17:51:34 +0000 (10:51 -0700)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 12 Jun 2018 18:07:07 +0000 (20:07 +0200)
commit	87b3e9fcd7a6c2879ef7fd6fc6a5f4515bf85dd9
tree	2df27a0099a40362eebd1a1a6be182d52134a550	tree \| snapshot
parent	2be79d8f394e752d86c4f49636523b7acab3a434	commit \| diff

netfilter: nf_conncount: Fix garbage collection with zones

Currently, we use check_hlist() for garbage colleciton. However, we
use the ‘zone’ from the counted entry to query the existence of
existing entries in the hlist. This could be wrong when they are in
different zones, and this patch fixes this issue.

Fixes: ee1978951743 ("netfilter: xt_connlimit: honor conntrack zone if available")
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_count.h		diff \| blob \| history
net/netfilter/nf_conncount.c		diff \| blob \| history
net/netfilter/nft_connlimit.c		diff \| blob \| history