diff options
| author |   Felix Kaechele <felix@kaechele.ca> | 2019-06-25 16:48:59 -0400 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-26 11:07:50 +0200 |
| commit | e7600865db32b69deb0109b8254244dca592adcf (patch) | |
| tree | a4dfc3033f0885425b348fab3e5f23a91cdec26a /net/netfilter/utils.c | |
| parent | ipvs: fix tinfo memory leak in start_sync_thread (diff) | |
| download | linux-dev-e7600865db32b69deb0109b8254244dca592adcf.tar.xz linux-dev-e7600865db32b69deb0109b8254244dca592adcf.zip | |
netfilter: ctnetlink: Fix regression in conntrack entry deletion
Commit f8e608982022 ("netfilter: ctnetlink: Resolve conntrack
L3-protocol flush regression") introduced a regression in which deletion
of conntrack entries would fail because the L3 protocol information
is replaced by AF_UNSPEC. As a result the search for the entry to be
deleted would turn up empty due to the tuple used to perform the search
is now different from the tuple used to initially set up the entry.
For flushing the conntrack table we do however want to keep the option
for nfgenmsg->version to have a non-zero value to allow for newer
user-space tools to request treatment under the new behavior. With that
it is possible to independently flush tables for a defined L3 protocol.
This was introduced with the enhancements in in commit 59c08c69c278
("netfilter: ctnetlink: Support L3 protocol-filter on flush").
Older user-space tools will retain the behavior of flushing all tables
regardless of defined L3 protocol.
Fixes: f8e608982022 ("netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression")
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/utils.c')
0 files changed, 0 insertions, 0 deletions