[ovs-dev] [PATCH][v2] conntrack: Fix conntrack tw expiration
Li RongQing
lirongqing at baidu.com
Thu Jan 7 07:43:28 UTC 2021
a connection will enter timewait status when a reset packet
reached after a fin is received/sent, But the expiration
time is not updated, still is the previous expiration
time. this maybe causes connection table overflow due to long
expiration time
Fixes: a489b16854b59 ("conntrack: New userspace connection tracker.")
Signed-off-by: Li RongQing <lirongqing at baidu.com>
Co-authored-by: Mao YingMing <maoyingming at baidu.com>
Signed-off-by: Mao YingMing <maoyingming at baidu.com>
---
resend with maoyingming signature
lib/conntrack-tcp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/conntrack-tcp.c b/lib/conntrack-tcp.c
index 18a2aa7c7..f1595af7a 100644
--- a/lib/conntrack-tcp.c
+++ b/lib/conntrack-tcp.c
@@ -406,6 +406,7 @@ tcp_conn_update(struct conntrack *ct, struct conn *conn_,
if (tcp_flags & TCP_RST) {
src->state = dst->state = CT_DPIF_TCPS_TIME_WAIT;
+ conn_update_expiration(ct, &conn->up, CT_TM_TCP_CLOSED, now);
}
} else {
COVERAGE_INC(conntrack_tcp_seq_chk_failed);
--
2.17.3
More information about the dev
mailing list