On Tue, Jun 12, 2018 at 08:04:56PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Jun 12, 2018 at 10:51:34AM -0700, Yi-Hung Wei wrote:
> > Currently, we use check_hlist() for garbage collection. However, we
> > use the ‘zone’ from the counted entry to query the existence of
> > existing entries in the hlist. This could be wrong when they are in
> > different zones, and this patch fixes this issue.
>
> Good catch, I was about to fix exactly this too. Thanks!
>
> Fixes: e59ea3df3fc2 ("netfilter: xt_connlimit: honor conntrack zone if available")
>
> Applied, thanks.

For the record, patch in nf.git will show up as:

netfilter: nf_connount: Fix garbage collection with zones