summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_flow_offload.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter/nft_flow_offload.c')
-rw-r--r--net/netfilter/nft_flow_offload.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index 187b8cb9a510..6f0b07fe648d 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -298,7 +298,8 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
case IPPROTO_TCP:
tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt),
sizeof(_tcph), &_tcph);
- if (unlikely(!tcph || tcph->fin || tcph->rst))
+ if (unlikely(!tcph || tcph->fin || tcph->rst ||
+ !nf_conntrack_tcp_established(ct)))
goto out;
break;
case IPPROTO_UDP:
generated by cgit (git 2.34.1) at 2024-05-07 13:02:27 +0000