On Wed, Nov 21, 2018 at 01:51:31AM +0100, Florian Westphal wrote:
> Alakesh Haloi <alakeshh@amazon.com> wrote:
> > Thanks Greg and Pablo for your suggestions! We found this issue on 4.14 stable kernel and hence the fix is based on 4.14. The xt_connlimit module source seemed to have been refactored. At one point I tested 4.18-rc1 and the issue was still present. However I have not tested the most recent one. I will follow your suggestions and try to reproduce the issue in the master branch of the nf.git tree and in Linus's tree, and if I cannot reproduce it then I will go ahead and pick the relevant patches for backporting. This patch fixes the issue without bringing in any refactor patches. But that is probably not the right way to go for it.
> Actually it might be needed, the changes in upstream are pretty invasive.
> So, in case you can reproduce this with nf.git or Linus's tree it would be great if you could send a fix for nf.git.
> But in case you can't reproduce, it's possible your patch is still needed for stable.
Thanks Florian! I have tested Linus's tree and I do not see the issue happening there. I have not been able to test nf.git yet. Do you suggest that I should start working on backporting relevant patches from mainline, or should it be possible to apply this patch to stable branches directly?