search for: ips_seen_reply

...gt;status); conntrack->master =3D expected; expected->sibling =3D conntrack; LIST_DELETE(&ip_conntrack_expect_list, expected); @@ -768,11 +766,11 @@ *set_reply =3D 1; } else { /* Once we've had two way comms, always ESTABLISHED. */ - if (h->ctrack->status & IPS_SEEN_REPLY) { + if (test_bit(IPS_SEEN_REPLY_BIT, &h->ctrack->status)) { DEBUGP("ip_conntrack_in: normal packet for %p\n", h->ctrack); *ctinfo =3D IP_CT_ESTABLISHED; - } else if (h->ctrack->status & IPS_EXPECTED) { + } else if (test_bit(IPS_EXPECTED...

...list_del() now zeros prev and next pointer of list_head, which circumvents is_confirmed() test. This didn't cause troubles to most conntrack entries which disappear by timing out. But as our cache was bypassing some of the connections, the machine was seeing only one way stream of packets (!IPS_SEEN_REPLY). And when the originating host terminates a bypassed connection by sending out RST packets, the corresponding entry is repeatedly removed from hash with death_by_tiemout() and soon confirmed again adding jiffies to expire time every time. Applying the following patch solved the problem. As I...

...*/ 75 .symbols = { 76 SYMBOL("expected", IPS_EXPECTED), 77 SYMBOL("seen-reply", IPS_SEEN_REPLY), 78 SYMBOL("assured", IPS_ASSURED), 79 SYMBOL("confirmed", IPS_CONFIRMED), 80 SYMBOL("snat", IPS_SRC_NAT), 81...