summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2023-04-21 17:55:40 +0300
committerJakub Kicinski <kuba@kernel.org>2023-04-21 17:55:41 +0300
commitf9bcdcec3bf0063a010d123a9977cb7a8e240f95 (patch)
tree0146096f82abc35005b87fc444dc05d4e147737a /include
parente375b503943f512cdd3a7dd12849972b7a006076 (diff)
parent73db1b8f2bb6725b7391e85aab41fdf592b3c0c1 (diff)
downloadlinux-f9bcdcec3bf0063a010d123a9977cb7a8e240f95.tar.xz
Merge tag 'nf-23-04-21' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net 1) Set on IPS_CONFIRMED before change_status() otherwise EBUSY is bogusly hit. This bug was introduced in the 6.3 release cycle. 2) Fix nfnetlink_queue conntrack support: Set/dump timeout accordingly for unconfirmed conntrack entries. Make sure this is done after IPS_CONFIRMED is set on. This is an old bug, it happens since the introduction of this feature. * tag 'nf-23-04-21' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: conntrack: fix wrong ct->timeout value netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert() ==================== Link: https://lore.kernel.org/r/20230421105700.325438-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_conntrack_core.h6
1 files changed, 5 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 71d1269fe4d4..3384859a8921 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -89,7 +89,11 @@ static inline void __nf_ct_set_timeout(struct nf_conn *ct, u64 timeout)
{
if (timeout > INT_MAX)
timeout = INT_MAX;
- WRITE_ONCE(ct->timeout, nfct_time_stamp + (u32)timeout);
+
+ if (nf_ct_is_confirmed(ct))
+ WRITE_ONCE(ct->timeout, nfct_time_stamp + (u32)timeout);
+ else
+ ct->timeout = (u32)timeout;
}
int __nf_ct_change_timeout(struct nf_conn *ct, u64 cta_timeout);
generated by cgit v1.2.3 (git 2.39.0) at 2026-01-01 16:27:58 +0300