Skip to content
Commit 9ec9a975 authored by Florian Westphal's avatar Florian Westphal Committed by Greg Kroah-Hartman
Browse files

netfilter: nf_nat_masquerade: defer conntrack walk to work queue



[ Upstream commit 7970a19b ]

The ipv4 and device notifiers are called with RTNL mutex held.
The table walk can take some time, better not block other RTNL users.

'ip a' has been reported to block for up to 20 seconds when conntrack table
has many entries and device down events are frequent (e.g., PPP).

Reported-and-tested-by: default avatarMartin Zaharinov <micron10@gmail.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 5182d6db
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment