target/linux/generic/backport-4.14/371-netfilter-nf_flow_table-fix-up-ct-state-of-flows-aft.patch

   1 From: Felix Fietkau <nbd@nbd.name>
   2 Date: Thu, 14 Jun 2018 11:20:09 +0200
   3 Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after
   4  timeout
   5
   6 If a connection simply times out instead of being torn down, it is left
   7 active with a long timeout. Fix this by calling flow_offload_fixup_ct_state
   8 here as well.
   9
  10 Signed-off-by: Felix Fietkau <nbd@nbd.name>
  11 ---
  12
  13 --- a/net/netfilter/nf_flow_table_core.c
  14 +++ b/net/netfilter/nf_flow_table_core.c
  15 @@ -233,6 +233,9 @@ static void flow_offload_del(struct nf_f
  16         e = container_of(flow, struct flow_offload_entry, flow);
  17         clear_bit(IPS_OFFLOAD_BIT, &e->ct->status);
  18
  19 +       if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN))
  20 +               flow_offload_fixup_ct_state(e->ct);
  21 +
  22         flow_offload_free(flow);
  23  }
  24