diff options
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 81e2aa4ca1f..7b48035826e 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -636,8 +636,12 @@ static noinline int early_drop(struct net *net, unsigned int hash) | |||
| 636 | 636 | ||
| 637 | if (del_timer(&ct->timeout)) { | 637 | if (del_timer(&ct->timeout)) { |
| 638 | death_by_timeout((unsigned long)ct); | 638 | death_by_timeout((unsigned long)ct); |
| 639 | dropped = 1; | 639 | /* Check if we indeed killed this entry. Reliable event |
| 640 | NF_CT_STAT_INC_ATOMIC(net, early_drop); | 640 | delivery may have inserted it into the dying list. */ |
| 641 | if (test_bit(IPS_DYING_BIT, &ct->status)) { | ||
| 642 | dropped = 1; | ||
| 643 | NF_CT_STAT_INC_ATOMIC(net, early_drop); | ||
| 644 | } | ||
| 641 | } | 645 | } |
| 642 | nf_ct_put(ct); | 646 | nf_ct_put(ct); |
| 643 | return dropped; | 647 | return dropped; |