On 2018.08.21 02:26 Florian Westphal wrote:

... [snip] ...

> Fix this by clearing maxwin of existing tcp connections on register.
> While at it, lower timeout of existing entries when disabling to allow
> gc to reap entries more quickly.
>
> Reported-by: Doug Smythies <dsmythies@xxxxxxxxx>
> Fixes: 4d3a57f23dec59 ("netfilter: conntrack: do not enable connection tracking unless needed")
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
>  net/netfilter/nf_conntrack_proto.c | 61 ++++++++++++++++++++++++++++++++++++--
>  1 file changed, 59 insertions(+), 2 deletions(-)

... [snip] ...

I was not able to apply this patch on top of kernel 4.18,
as it seems to be on top of other patches since then.

I was able to apply it on top of the mainline kernel as of
sometime yesterday (head was at ad1d697) (somewhere between
4.18 and 4.19-rc1).

I verified that as of ad1d697 the issue was still present
and then tested ad1d697 + this patch and the issue is fixed.

Thank you.

... Doug