The user should only reference a conntrack entry by the forward
direction context, as per 'conntrack_flush()'; enforce this by
checking for 'default' conn_type.  Needs backporting to 2.9.

Fixes: 271e48a0e244 ("conntrack: Support conntrack flush by ct 5-tuple")
Signed-off-by: Darrell Ball <dlu...@gmail.com>
---
 lib/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 15984d2..4b53e82 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -2574,7 +2574,7 @@ conntrack_flush_tuple(struct conntrack *ct, const struct 
ct_dpif_tuple *tuple,
 
     ct_lock_lock(&ct->buckets[bucket].lock);
     conn_key_lookup(&ct->buckets[bucket], &ctx, time_msec());
-    if (ctx.conn) {
+    if (ctx.conn && ctx.conn->conn_type == CT_CONN_TYPE_DEFAULT) {
         conn_clean(ct, ctx.conn, &ct->buckets[bucket]);
     } else {
         error = ENOENT;
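
Review bot: The new condition in conntrack_flush_tuple() has no comment saying why a matched entry whose conn_type is not CT_CONN_TYPE_DEFAULT is skipped. That case now falls into the else branch and returns ENOENT, the same error as when the lookup matched nothing. Consider a one-line comment above the `if` stating that only the forward-direction (default) entry may be flushed by tuple, and confirm that ENOENT is the intended result for a tuple that matches a non-default entry. A test that flushes by such a tuple and checks that the connection survives would also guard the 2.9 backport.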
-- 
1.9.1
