| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Jun 2016 08:16:53 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: samuel.gauthier@...nd.com
Cc: pshelar@...ira.com, netdev@...r.kernel.org, dev@...nvswitch.org,
netfilter-devel@...r.kernel.org, joestringer@...ira.com,
jpettit@...ira.com, azhou@...ira.com, tgraf@...g.ch
Subject: Re: [PATCH net v2] openvswitch: fix conntrack netlink event
delivery
From: Samuel Gauthier <samuel.gauthier@...nd.com>
Date: Tue, 28 Jun 2016 17:22:26 +0200
> Only the first and last netlink message for a particular conntrack are
> actually sent. The first message is sent through nf_conntrack_confirm when
> the conntrack is committed. The last one is sent when the conntrack is
> destroyed on timeout. The other conntrack state change messages are not
> advertised.
>
> When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
> is called for each packet, from the postrouting hook, which in turn calls
> nf_ct_deliver_cached_events to send the state change netlink messages.
>
> This commit fixes the problem by calling nf_ct_deliver_cached_events in the
> non-commit case as well.
>
> Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action")
> CC: Joe Stringer <joestringer@...ira.com>
> CC: Justin Pettit <jpettit@...ira.com>
> CC: Andy Zhou <azhou@...ira.com>
> CC: Thomas Graf <tgraf@...g.ch>
> Signed-off-by: Samuel Gauthier <samuel.gauthier@...nd.com>
Applied.
Powered by blists - more mailing lists