netfilter: conntrack: don't deliver events for racy packets
This patch skips the delivery of conntrack events if the packet was drop due to a race condition in the conntrack insertion. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
325fb5b4d2
commit
b1e93a68ca
|
@ -62,7 +62,8 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
|
|||
if (ct && ct != &nf_conntrack_untracked) {
|
||||
if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
|
||||
ret = __nf_conntrack_confirm(skb);
|
||||
nf_ct_deliver_cached_events(ct);
|
||||
if (likely(ret == NF_ACCEPT))
|
||||
nf_ct_deliver_cached_events(ct);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue