From 3797412e6a2b65e9c9b832cce8cb32500b920d1d Mon Sep 17 00:00:00 2001
From: Liang Mancang <liangmc1@chinatelecom.cn>
Date: Tue, 21 Feb 2023 17:19:01 +0800
Subject: conntrack: Fix conntrack_clean may access the same exp_list each
 time.

when a exp_list contains more than the clean_end's number of nodes,
and these nodes will not expire immediately. Then, every times we
call conntrack_clean, it use the same next_sweep to get exp_list.

Actually, we should add i every times after we call ct_sweep.

Fixes: 3d9c1b855a5f ("conntrack: Replace timeout based expiration lists with rculists.")
Acked-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Liang Mancang <liangmc1@chinatelecom.cn>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 lib/conntrack.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/conntrack.c b/lib/conntrack.c
index 33ea419a7..8e101c50e 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -1512,12 +1512,12 @@ conntrack_clean(struct conntrack *ct, long long now)
     clean_end = n_conn_limit / 64;
 
     for (i = ct->next_sweep; i < N_EXP_LISTS; i++) {
-        count += ct_sweep(ct, &ct->exp_lists[i], now);
-
         if (count > clean_end) {
             next_wakeup = 0;
             break;
         }
+
+        count += ct_sweep(ct, &ct->exp_lists[i], now);
     }
 
     ct->next_sweep = (i < N_EXP_LISTS) ? i : 0;
-- 
cgit v1.2.1