From 277bd7049121bc1eee46d36584681e072338eae7 Mon Sep 17 00:00:00 2001
From: Tom Wilkie <tomwilkie@users.noreply.github.com>
Date: Fri, 27 May 2016 11:25:42 +0100
Subject: [PATCH] Don't every store NEW conntrack flows (only every store
 updates). (#1541)

This closes a small window where we might produce reports which contain flows that are NEW but have never seen an UPDATE, which can potentially be invalid.
---
 probe/endpoint/conntrack.go | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/probe/endpoint/conntrack.go b/probe/endpoint/conntrack.go
index ab819e74c5..00e03daca9 100644
--- a/probe/endpoint/conntrack.go
+++ b/probe/endpoint/conntrack.go
@@ -305,8 +305,10 @@ func (c *conntrackWalker) handleFlow(f flow, forceAdd bool) {
 	c.Lock()
 	defer c.Unlock()
 
+	// Ignore flows for which we never saw an update; they are likely
+	// incomplete or wrong.  See #1462.
 	switch {
-	case forceAdd || f.Type == newType || f.Type == updateType:
+	case forceAdd || f.Type == updateType:
 		if f.Independent.State != timeWait {
 			c.activeFlows[f.Independent.ID] = f
 		} else if _, ok := c.activeFlows[f.Independent.ID]; ok {
@@ -316,11 +318,7 @@ func (c *conntrackWalker) handleFlow(f flow, forceAdd bool) {
 	case f.Type == destroyType:
 		if active, ok := c.activeFlows[f.Independent.ID]; ok {
 			delete(c.activeFlows, f.Independent.ID)
-			// Ignore flows for which we never saw an update; they are likely
-			// incomplete or wrong.  See #1462.
-			if active.Type == updateType {
-				c.bufferedFlows = append(c.bufferedFlows, active)
-			}
+			c.bufferedFlows = append(c.bufferedFlows, active)
 		}
 	}
 }