From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 2 Sep 2019 17:37:43 +0000 (+0200)
Subject: netfilter: nf_flow_table: set default timeout after successful insertion
X-Git-Tag: v5.2.17~120
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7902ff2b8c97277e242229af2c5bd794283c15ec;p=users%2Fdwmw2%2Flinux.git

netfilter: nf_flow_table: set default timeout after successful insertion

commit 110e48725db6262f260f10727d0fb2d3d25895e4 upstream.

Set up the default timeout for this new entry otherwise the garbage
collector might quickly remove it right after the flowtable insertion.

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 49248fe5847a1..55106bebf2b58 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -218,7 +218,7 @@ int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
 		return err;
 	}
 
-	flow->timeout = (u32)jiffies;
+	flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(flow_offload_add);