[ovs-dev] [patch v2 2/6] conntrack: Enforce conn_type in conntrack_flush_tuple().

Darrell Ball dlu998 at gmail.com
Wed Sep 5 05:14:46 UTC 2018


The user should only reference a conntrack entry by the forward
direction context, as per 'conntrack_flush()', enforce this by
checking for 'default' conn_type.  Needs backporting to 2.9.

Fixes: 271e48a0e244 ("conntrack: Support conntrack flush by ct 5-tuple")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
---
 lib/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 15984d2..4b53e82 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2574,7 +2574,7 @@ conntrack_flush_tuple(struct conntrack *ct, const struct ct_dpif_tuple *tuple,
 
     ct_lock_lock(&ct->buckets[bucket].lock);
     conn_key_lookup(&ct->buckets[bucket], &ctx, time_msec());
-    if (ctx.conn) {
+    if (ctx.conn && ctx.conn->conn_type == CT_CONN_TYPE_DEFAULT) {
         conn_clean(ct, ctx.conn, &ct->buckets[bucket]);
     } else {
         error = ENOENT;
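Review bot: In the changed `if` condition, a tuple that matches an entry whose conn_type is not CT_CONN_TYPE_DEFAULT now falls into the same `else` branch as a tuple that matches nothing, so the caller sees ENOENT in both cases with no indication in the code of why. A short comment above the condition stating that only forward-direction (default) entries may be flushed by tuple, consistent with conntrack_flush(), would record the intent. The diffstat lists only lib/conntrack.c, so a test that issues a flush with a tuple matching a non-default entry and expects the entry to survive would help protect the 2.9 backport.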
-- 
1.9.1


