netfilter: nf_conntrack: fix event flooding in GRE protocol tracker

GRE connections cause ctnetlink event flood because the ASSURED event is set for every packet received. Reported-by: N Denys Fedoryshchenko <denys@visp.net.lb> Tested-by: N Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_conntrack: fix event flooding in GRE protocol tracker
GRE connections cause ctnetlink event flood because the ASSURED event is set for every packet received. Reported-by: N Denys Fedoryshchenko <denys@visp.net.lb> Tested-by: N Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
98d9ae84 · Florian Westphal · Pablo Neira Ayuso · b582ad8e · 98d9ae84
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

net/netfilter/nf_conntrack_proto_gre.c net/netfilter/nf_conntrack_proto_gre.c +2 -2

未找到文件。
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -241,8 +241,8 @@ static int gre_packet(struct nf_conn *ct,
 		nf_ct_refresh_acct(ct, ctinfo, skb,
 				   ct->proto.gre.stream_timeout);
 		/* Also, more likely to be important, and not a probe. */
-		set_bit(IPS_ASSURED_BIT, &ct->status);
-		nf_conntrack_event_cache(IPCT_ASSURED, ct);
+		if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
+			nf_conntrack_event_cache(IPCT_ASSURED, ct);
 	} else
 		nf_ct_refresh_acct(ct, ctinfo, skb,
 				   ct->proto.gre.timeout);