diff options
| author | Dirk Morris | 2019-08-08 22:57:51 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2019-08-13 18:03:11 +0200 |
| commit | 656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a (patch) | |
| tree | 1186dee56773e7bdd5de75aeb7d42718091d91cb /net/netfilter/nft_flow_offload.c | |
| parent | netfilter: nf_flow_table: teardown flow timeout race (diff) | |
| download | kernel-qcow2-linux-656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a.tar.gz kernel-qcow2-linux-656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a.tar.xz kernel-qcow2-linux-656c8e9cc1badbc18eefe6ba01d33ebbcae61b9a.zip | |
netfilter: conntrack: Use consistent ct id hash calculation
Change ct id hash calculation to only use invariants.
Currently the ct id hash calculation is based on some fields that can
change in the lifetime on a conntrack entry in some corner cases. The
current hash uses the whole tuple which contains an hlist pointer which
will change when the conntrack is placed on the dying list resulting in
a ct id change.
This patch also removes the reply-side tuple and extension pointer from
the hash calculation so that the ct id will will not change from
initialization until confirmation.
Fixes: 3c79107631db1f7 ("netfilter: ctnetlink: don't use conntrack/expect object addresses as id")
Signed-off-by: Dirk Morris <dmorris@metaloft.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_flow_offload.c')
0 files changed, 0 insertions, 0 deletions