Received: by 2002:a05:6a10:c7c6:0:0:0:0 with SMTP id h6csp1644323pxy; Mon, 2 Aug 2021 06:59:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyAa3u4KsTUXq4nNdk3CHHZMr4+hTYpmCTNSJFWi78hJCvVEmyE/BgFyU0uTDcQUrZMr2tf X-Received: by 2002:a05:6402:550:: with SMTP id i16mr19512329edx.177.1627912763734; Mon, 02 Aug 2021 06:59:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627912763; cv=none; d=google.com; s=arc-20160816; b=UjNaQG94mhMBKHJ6Spp9hnuh8RFA9meEecXK0kyitVzAESJv7hn+9hSLk+d7omxnW/ onVRmWzV3P2lLIXyhQMt1ej2rKRZ5RPoJ0VHp8a8MbdC2CZIpcvlXZX7Osm8IOiUJ/gz yfqSbAebwpzezP89ZrrcEOhiphorkhffvxTnasvFiK6cNsnj5GayIB3g1npXoV6j006m yxNQH/qL+m6ceSs5U33Xw63Kjr+yxs/WzPxiDu5as22a7zBu0VCzqfh5mf7iK/yNZBrf /vj1YqfZX5+dfjWdLUJnSvVmNyPWvcOE257I7tMa6cnqkW/QJt8rsR/yjVuOg6s4O4KG ITVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=pLF+jEOaBVvL+mOcUEh9A7igR01KqOAVRwwcXkIesfo=; b=A4noHLsKmCU2cUOfLYUljyagOJIPoE8dZfwxFiXnJfjQNxp18nNtdBUi5pqfH0+ddr UggRxRD5EavURTUmwhm5DYNo8o0MrWEgcC4OxzejpyMXX1bG4ue6wz4drdDrJqy1eyFX umUNp5vRqqdxqBrBLEzlQQ+67qbumx4wAXB44T1/9tCy9kBAR2GaJWQE2EMW0lVZyRhy RcwZmBfFH3hIREpqt1klQyafwpD8k9QIQLufLCWIvwDniv+hNuULnYkXkDgoH4/HOEyt qpAHnXm4dscgFjTdr2cfcBIHv3PPhJ36N7h/Z9JAcE56j5o8f75L1gr7F+AEyFdS7a6T +BRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=2TSJA7g0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dd5si9741253ejb.329.2021.08.02.06.58.57; Mon, 02 Aug 2021 06:59:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=2TSJA7g0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235571AbhHBN5t (ORCPT + 99 others); Mon, 2 Aug 2021 09:57:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:34364 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235139AbhHBNvf (ORCPT ); Mon, 2 Aug 2021 09:51:35 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6A5C3610FE; Mon, 2 Aug 2021 13:51:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1627912260; bh=2jn9FWGO1qoY5uU5T2PrJ4ffgaBkKIi44ZJygy7kA24=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=2TSJA7g08YbZKBU07RDv9TkvXObzmwlYdL5s11CO73hzZ+GVVkf1LTsTV0fKUUe+x AdwckGcNvLSf7kivzXmGJoG9W35APr1KIouO4KF8i/fBrp8o0eDe5c54i60TI+paFk RkoGVAfVCZdO8JizGkKJXY1bkp0hgU/9Q6QAdD3s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Florian Westphal , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH 5.4 20/40] netfilter: conntrack: adjust stop timestamp to real expiry value Date: Mon, 2 Aug 2021 15:45:00 +0200 Message-Id: <20210802134336.035104638@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210802134335.408294521@linuxfoundation.org> References: <20210802134335.408294521@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Florian Westphal [ Upstream commit 30a56a2b881821625f79837d4d968c679852444e ] In case the entry is evicted via garbage collection there is delay between the timeout value and the eviction event. This adjusts the stop value based on how much time has passed. Fixes: b87a2f9199ea82 ("netfilter: conntrack: add gc worker to remove timed-out entries") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/nf_conntrack_core.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 9a40312b1f16..4a988ce4264c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -660,8 +660,13 @@ bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report) return false; tstamp = nf_conn_tstamp_find(ct); - if (tstamp && tstamp->stop == 0) + if (tstamp) { + s32 timeout = ct->timeout - nfct_time_stamp; + tstamp->stop = ktime_get_real_ns(); + if (timeout < 0) + tstamp->stop -= jiffies_to_nsecs(-timeout); + } if (nf_conntrack_event_report(IPCT_DESTROY, ct, portid, report) < 0) { -- 2.30.2