Commit 98d9ae84 authored Sep 30, 2011 by Florian Westphal Committed by Pablo Neira Ayuso Oct 03, 2011

netfilter: nf_conntrack: fix event flooding in GRE protocol tracker



GRE connections cause ctnetlink event flood because the ASSURED event
is set for every packet received.

Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Tested-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent b582ad8e

net/netfilter/nf_conntrack_proto_gre.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -241,7 +241,7 @@ static int gre_packet(struct nf_conn *ct,
		nf_ct_refresh_acct(ct, ctinfo, skb,
		ct->proto.gre.stream_timeout);
		/* Also, more likely to be important, and not a probe. */
		set_bit(IPS_ASSURED_BIT, &ct->status);
		if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
		nf_conntrack_event_cache(IPCT_ASSURED, ct);
		} else
		nf_ct_refresh_acct(ct, ctinfo, skb,