diff options
| author | Fernando Fernandez Mancera <fmancera@suse.de> | 2025-12-17 15:46:40 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-01-17 16:35:22 +0100 |
| commit | 8bdafdf4900040a81422056cabe5e00a37bd101a (patch) | |
| tree | 0a6753ab384f0b8396f720a53a44a8551ae3c62a /net | |
| parent | 7f066cba650c584f55c6732d2d99a967928515f7 (diff) | |
| download | linux-8bdafdf4900040a81422056cabe5e00a37bd101a.tar.gz linux-8bdafdf4900040a81422056cabe5e00a37bd101a.tar.bz2 linux-8bdafdf4900040a81422056cabe5e00a37bd101a.zip | |
netfilter: nf_conncount: update last_gc only when GC has been performed
[ Upstream commit 7811ba452402d58628e68faedf38745b3d485e3c ]
Currently last_gc is being updated everytime a new connection is
tracked, that means that it is updated even if a GC wasn't performed.
With a sufficiently high packet rate, it is possible to always bypass
the GC, causing the list to grow infinitely.
Update the last_gc value only when a GC has been actually performed.
Fixes: d265929930e2 ("netfilter: nf_conncount: reduce unnecessary GC")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conncount.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c index 3c1b155f7a0e..828d5c64c68a 100644 --- a/net/netfilter/nf_conncount.c +++ b/net/netfilter/nf_conncount.c @@ -229,6 +229,7 @@ static int __nf_conncount_add(struct net *net, nf_ct_put(found_ct); } + list->last_gc = (u32)jiffies; add_new_node: if (WARN_ON_ONCE(list->count > INT_MAX)) { @@ -248,7 +249,6 @@ add_new_node: conn->jiffies32 = (u32)jiffies; list_add_tail(&conn->node, &list->head); list->count++; - list->last_gc = (u32)jiffies; out_put: if (refcounted) |