commit | 5c8ec910e789a92229978d8fd1fce7b62e8ac711 | [log] [tgz] |
---|---|---|
author | Patrick McHardy <kaber@trash.net> | Mon Jun 22 14:14:16 2009 +0200 |
committer | Patrick McHardy <kaber@trash.net> | Mon Jun 22 14:14:16 2009 +0200 |
tree | d24884793a0804bf2f96afac2248189b358b8ae2 | |
parent | 8cc20198cfccd06cef705c14fd50bde603e2e306 [diff] |
netfilter: nf_conntrack: fix confirmation race condition New connection tracking entries are inserted into the hash before they are fully set up, namely the CONFIRMED bit is not set and the timer not started yet. This can theoretically lead to a race with timer, which would set the timeout value to a relative value, most likely already in the past. Perform hash insertion as the final step to fix this. Signed-off-by: Patrick McHardy <kaber@trash.net>