Commit c921ffe8 authored by Paul Blakey's avatar Paul Blakey Committed by Pablo Neira Ayuso
Browse files

netfilter: flowtable: Fix flushing of offloaded flows on free 



Freeing a flowtable with offloaded flows, the flow are deleted from
hardware but are not deleted from the flow table, leaking them,
and leaving their offload bit on.

Add a second pass of the disabled gc to delete the these flows from
the flow table before freeing it.

Fixes: c29f74e0 ("netfilter: nf_flow_table: hardware offload support")
Signed-off-by: default avatarPaul Blakey <paulb@mellanox.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 41e9ec5a

net/netfilter/nf_flow_table_core.c

+3 −0
Original line number Diff line number Diff line
@@ -554,6 +554,9 @@ void nf_flow_table_free(struct nf_flowtable *flow_table) 
	nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL);

	nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step, flow_table);

	nf_flow_table_offload_flush(flow_table);

	if (nf_flowtable_hw_offload(flow_table))

		nf_flow_table_iterate(flow_table, nf_flow_offload_gc_step,

				      flow_table);

	rhashtable_destroy(&flow_table->rhashtable);

}

EXPORT_SYMBOL_GPL(nf_flow_table_free);

CRA Git | Maintained and supported by SUSTech CRA and CCSE