| author | Fernando Fernandez Mancera <fmancera@suse.de> | 2025-12-17 17:46:40 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-01-17 18:31:22 +0300 |
| commit | 26a82dce2beee39c43c109d9647e16f49cb02a35 (patch) | |
| tree | 4540993205ffaef461cc876091c892f817095e01 | |
| parent | e1a436981ac9552bd25ce18e601140c2716e8400 (diff) | |
| download | linux-26a82dce2beee39c43c109d9647e16f49cb02a35.tar.xz | |
netfilter: nf_conncount: update last_gc only when GC has been performed

[ Upstream commit 7811ba452402d58628e68faedf38745b3d485e3c ]

Currently last_gc is being updated every time a new connection is
tracked, that means that it is updated even if a GC wasn't performed.
With a sufficiently high packet rate, it is possible to always bypass
the GC, causing the list to grow infinitely.

Update the last_gc value only when a GC has been actually performed.

Fixes: d265929930e2 ("netfilter: nf_conncount: reduce unnecessary GC")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>

| -rw-r--r-- | net/netfilter/nf_conncount.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c index 3c1b155f7a0e..828d5c64c68a 100644 --- a/net/netfilter/nf_conncount.c +++ b/net/netfilter/nf_conncount.c @@ -229,6 +229,7 @@ static int __nf_conncount_add(struct net *net, nf_ct_put(found_ct); } + list->last_gc = (u32)jiffies; add_new_node: if (WARN_ON_ONCE(list->count > INT_MAX)) { @@ -248,7 +249,6 @@ add_new_node: conn->jiffies32 = (u32)jiffies; list_add_tail(&conn->node, &list->head); list->count++; - list->last_gc = (u32)jiffies; out_put: if (refcounted) |
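
Review bot: in the first hunk (@@ -229,6 +229,7), the added `list->last_gc = (u32)jiffies;` carries no comment even though the whole fix rests on it sitting above the `add_new_node:` label rather than below it. Any path that jumps to the label skips the update, which matches the commit message, but a later cleanup could move the line back under the label and restore the unbounded growth. Suggest a one-line comment above the assignment saying that last_gc is refreshed only on the path that falls through from the GC code.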
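
Review bot: in the second hunk (@@ -248,7 +249,6), dropping `list->last_gc = (u32)jiffies;` after `list->count++` means last_gc can now stay unchanged across many additions, and it is stored as a truncated `(u32)jiffies` value. The test that decides whether to skip GC is not part of this diff, so please confirm in the changelog that it behaves correctly with an older last_gc, including across a 32-bit jiffies wrap. The only growth bound visible here is the `WARN_ON_ONCE(list->count > INT_MAX)` check in the first hunk's context, so a short description of how the high-packet-rate case was reproduced would also help reviewers of the backport.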
