2 files changed, 10 insertions, 0 deletions

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 08cdc71d8e87..016d95ead930 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1526,6 +1526,7 @@ err_extend:
  */
 #define UNCONFIRMED_NULLS_VAL   ((1<<30)+0)
 #define DYING_NULLS_VAL         ((1<<30)+1)
+#define TEMPLATE_NULLS_VAL      ((1<<30)+2)
 
 static int nf_conntrack_init_net(struct net *net)
 {
@@ -1534,6 +1535,7 @@ static int nf_conntrack_init_net(struct net *net)
         atomic_set(&net->ct.count, 0);
         INIT_HLIST_NULLS_HEAD(&net->ct.unconfirmed, UNCONFIRMED_NULLS_VAL);
         INIT_HLIST_NULLS_HEAD(&net->ct.dying, DYING_NULLS_VAL);
+        INIT_HLIST_NULLS_HEAD(&net->ct.tmpl, TEMPLATE_NULLS_VAL);
         net->ct.stat = alloc_percpu(struct ip_conntrack_stat);
         if (!net->ct.stat) {
                 ret = -ENOMEM;
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index ae7f5daeee43..1668f41acc6e 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -149,6 +149,10 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
 
         __set_bit(IPS_TEMPLATE_BIT, &ct->status);
         __set_bit(IPS_CONFIRMED_BIT, &ct->status);
+
+        /* Overload tuple linked list to put us in template list. */
+        hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode,
+                                 &par->net->ct.tmpl);
 out:
         info->ct = ct;
         return 0;
@@ -289,6 +293,10 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
 
         __set_bit(IPS_TEMPLATE_BIT, &ct->status);
         __set_bit(IPS_CONFIRMED_BIT, &ct->status);
+
+        /* Overload tuple linked list to put us in template list. */
+        hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode,
+                                 &par->net->ct.tmpl);
 out:
         info->ct = ct;
         return 0;