Merge tag 'v4.4.157' into linux-linaro-lsk-v4.4

This is the 4.4.157 stable release
author: Mark Brown <broonie@kernel.org> 2018-09-20 08:35:34 -0700
committer: Mark Brown <broonie@kernel.org> 2018-09-20 08:35:34 -0700
commit: f4150b38acaa292e9efa1e0d82a3d8bdfdbec658 (patch)
tree: 672578a0f65a3315ad6e5354fecbf916fad108db /net/netfilter/ipvs/ip_vs_core.c
parent: ff05cdd619ab422b5380f56d19603bc51aca97a5 (diff)
parent: d9560919689d588beccf719452086b5cdf6d6c22 (diff)
1 files changed, 11 insertions, 4 deletions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index dd1649caa2b2..ac212542a217 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1809,13 +1809,20 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, int
 	if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {
 		/* the destination server is not available */
 
-		if (sysctl_expire_nodest_conn(ipvs)) {
+		__u32 flags = cp->flags;
+
+		/* when timer already started, silently drop the packet.*/
+		if (timer_pending(&cp->timer))
+			__ip_vs_conn_put(cp);
+		else
+			ip_vs_conn_put(cp);
+
+		if (sysctl_expire_nodest_conn(ipvs) &&
+		    !(flags & IP_VS_CONN_F_ONE_PACKET)) {
 			/* try to expire the connection immediately */
 			ip_vs_conn_expire_now(cp);
 		}
-		/* don't restart its timer, and silently
-		   drop the packet. */
-		__ip_vs_conn_put(cp);
+
 		return NF_DROP;
 	}
author	Mark Brown <broonie@kernel.org>	2018-09-20 08:35:34 -0700
committer	Mark Brown <broonie@kernel.org>	2018-09-20 08:35:34 -0700
commit	f4150b38acaa292e9efa1e0d82a3d8bdfdbec658 (patch)
tree	672578a0f65a3315ad6e5354fecbf916fad108db /net/netfilter/ipvs/ip_vs_core.c
parent	ff05cdd619ab422b5380f56d19603bc51aca97a5 (diff)
parent	d9560919689d588beccf719452086b5cdf6d6c22 (diff)