diff mbox series

[conntrack-tools] conntrackd: do not include conntrack ID in hashtable cmp

Message ID 20211108113758.112916-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [conntrack-tools] conntrackd: do not include conntrack ID in hashtable cmp | expand

Commit Message

Pablo Neira Ayuso Nov. 8, 2021, 11:37 a.m. UTC 
Depending on your conntrackd configuration, events might get lost,
leaving stuck entries in the cache forever. Skip checking the conntrack
ID to allow for lazy cleanup by when a new entry that represented by the
same tuple.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/cache-ct.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff mbox series

Patch

diff --git a/src/cache-ct.c b/src/cache-ct.c
index fe01e165516c..f56e450e6cf2 100644
--- a/src/cache-ct.c
+++ b/src/cache-ct.c
@@ -90,21 +90,12 @@  cache_ct_hash(const void *data, const struct hashtable *table)
 	return ret;
 }
 
-/* master conntrack of expectations have no ID */
-static inline int
-cache_ct_cmp_id(const struct nf_conntrack *ct1, const struct nf_conntrack *ct2)
-{
-	return nfct_attr_is_set(ct2, ATTR_ID) ?
-	       nfct_get_attr_u32(ct1, ATTR_ID) == nfct_get_attr_u32(ct2, ATTR_ID) : 1;
-}
-
 static int cache_ct_cmp(const void *data1, const void *data2)
 {
 	const struct cache_object *obj = data1;
 	const struct nf_conntrack *ct = data2;
 
-	return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG) &&
-	       cache_ct_cmp_id(obj->ptr, ct);
+	return nfct_cmp(obj->ptr, ct, NFCT_CMP_ORIG);
 }
 
 static void *cache_ct_alloc(void)