netfilter: nf_flow_table: conntrack picks up expired flows
author Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 9 Aug 2019 09:01:33 +0000 (11:01 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 9 Aug 2019 12:41:20 +0000 (14:41 +0200)
commit 3e68db2f6422d711550a32cbc87abd97bb6efab3
tree 78fcca8a248cf22ee4d0182f36eddce8ff9f919e
parent 6a0a8d10a3661a036b55af695542a714c429ab7c
netfilter: nf_flow_table: conntrack picks up expired flows

Update conntrack entry to pick up expired flows, otherwise the conntrack
entry gets stuck with the internal offload timeout (one day). The TCP
state also needs to be adjusted to ESTABLISHED state and tracking is set
to liberal mode in order to give conntrack a chance to pick up the
expired flow.

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_flow_table_core.c