On Tue, Nov 20, 2018 at 10:44:36AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Nov 20, 2018 at 08:48:39AM +0100, Greg KH wrote:
> > On Mon, Nov 19, 2018 at 10:17:38PM +0000, Alakesh Haloi wrote:
> > > An iptable rule like the following on a multicore system will result in
> [...]
> > > This fix adds an additional field to track such pending connections
> > > and prevent them from being deleted by another execution thread on
> > > a different core and returns correct count.
> [...]
> > What is the git commit id of this patch in Linus's tree?
>
> There is no upstream commit yet.
>
> @Alakesh: You have to submit your patch to
> netfilter-devel@xxxxxxxxxxxxxxx first for review, then patch may be
> integrated upstream via nf.git tree. This patch will be passed to
> upstream maintainer David S. Miller via pull request, so it will
> propagate to the net.git, and then David will pass it up to Linus
> again via pull request.
>
> Telling all this because by when patch shows in Linus git tree, then
> we can request inclusion for -stable, not sooner.
>
> Thanks.

Thanks Greg and Pablo for your suggestions!

We found this issue on 4.14 stable kernel and hence the fix is based on 4.14.
The xt_connlimit module source seemed to have been refactored. At one point I
tested 4.18-rc1 and the issue was still present. However, I have not tested the
most recent one.

I will follow your suggestions and try to reproduce the issue in the master
branch of the nf.git tree and in Linus's tree, and if I cannot reproduce it
then I will go ahead and pick the relevant patches for backporting.

This patch fixes the issue without bringing in any refactor patches. But that
is probably not the right way to go for it.

Thanks
--Alakesh