| From 8685bd1e19781d36ec6b234e1fba3f07e0d78866 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sun, 18 Jul 2021 18:36:00 +0200 |
| Subject: netfilter: conntrack: adjust stop timestamp to real expiry value |
| |
| From: Florian Westphal <fw@strlen.de> |
| |
| [ Upstream commit 30a56a2b881821625f79837d4d968c679852444e ] |
| |
| In case the entry is evicted via garbage collection there is |
| delay between the timeout value and the eviction event. |
| |
| This adjusts the stop value based on how much time has passed. |
| |
| Fixes: b87a2f9199ea82 ("netfilter: conntrack: add gc worker to remove timed-out entries") |
| Signed-off-by: Florian Westphal <fw@strlen.de> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/netfilter/nf_conntrack_core.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c |
| index ff0168736f6e..f9f2af26ccb3 100644 |
| --- a/net/netfilter/nf_conntrack_core.c |
| +++ b/net/netfilter/nf_conntrack_core.c |
| @@ -661,8 +661,13 @@ bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report) |
| return false; |
| |
| tstamp = nf_conn_tstamp_find(ct); |
| - if (tstamp && tstamp->stop == 0) |
| + if (tstamp) { |
| + s32 timeout = ct->timeout - nfct_time_stamp; |
| + |
| tstamp->stop = ktime_get_real_ns(); |
| + if (timeout < 0) |
| + tstamp->stop -= jiffies_to_nsecs(-timeout); |
| + } |
| |
| if (nf_conntrack_event_report(IPCT_DESTROY, ct, |
| portid, report) < 0) { |
| -- |
| 2.30.2 |
| |
