1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Thu, 14 Jun 2018 11:20:09 +0200
3 Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after
6 If a connection simply times out instead of being torn down, it is left
7 active with a long timeout. Fix this by calling flow_offload_fixup_ct_state
10 Signed-off-by: Felix Fietkau <nbd@nbd.name>
13 --- a/net/netfilter/nf_flow_table_core.c
14 +++ b/net/netfilter/nf_flow_table_core.c
15 @@ -231,6 +231,9 @@ static void flow_offload_del(struct nf_f
16 e = container_of(flow, struct flow_offload_entry, flow);
17 clear_bit(IPS_OFFLOAD_BIT, &e->ct->status);
19 + if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN))
20 + flow_offload_fixup_ct_state(e->ct);
22 flow_offload_free(flow);