diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index b0b06c7a9483..7508f11c5b39 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -335,7 +335,8 @@ begin: | |||
| 335 | h = __nf_conntrack_find(net, tuple); | 335 | h = __nf_conntrack_find(net, tuple); |
| 336 | if (h) { | 336 | if (h) { |
| 337 | ct = nf_ct_tuplehash_to_ctrack(h); | 337 | ct = nf_ct_tuplehash_to_ctrack(h); |
| 338 | if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) | 338 | if (unlikely(nf_ct_is_dying(ct) || |
| 339 | !atomic_inc_not_zero(&ct->ct_general.use))) | ||
| 339 | h = NULL; | 340 | h = NULL; |
| 340 | else { | 341 | else { |
| 341 | if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple))) { | 342 | if (unlikely(!nf_ct_tuple_equal(tuple, &h->tuple))) { |
| @@ -510,7 +511,8 @@ static noinline int early_drop(struct net *net, unsigned int hash) | |||
| 510 | cnt++; | 511 | cnt++; |
| 511 | } | 512 | } |
| 512 | 513 | ||
| 513 | if (ct && unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) | 514 | if (ct && unlikely(nf_ct_is_dying(ct) || |
| 515 | !atomic_inc_not_zero(&ct->ct_general.use))) | ||
| 514 | ct = NULL; | 516 | ct = NULL; |
| 515 | if (ct || cnt >= NF_CT_EVICTION_RANGE) | 517 | if (ct || cnt >= NF_CT_EVICTION_RANGE) |
| 516 | break; | 518 | break; |