3 files changed, 8 insertions, 13 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index bd9272eeccb5..de30e08d58f2 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -322,8 +322,6 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
                        if (ret == 0)
                                ret = -EPERM;
                        return ret;
-                case NF_REPEAT:
-                        continue;
                case NF_QUEUE:
                        ret = nf_queue(skb, state, &entry, verdict);
                        if (ret == 1 && entry)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index df2f5a3901df..de4b8a75f30b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1305,7 +1305,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
                if (skb->nfct)
                        goto out;
        }
+repeat:
        ct = resolve_normal_ct(net, tmpl, skb, dataoff, pf, protonum,
                               l3proto, l4proto, &set_reply, &ctinfo);
        if (!ct) {
@@ -1345,11 +1345,12 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
                nf_conntrack_event_cache(IPCT_REPLY, ct);
 out:
        if (tmpl) {
-                /* Special case: we have to repeat this hook, assign the
+                /* Special case: TCP tracker reports an attempt to reopen a
-                 * template again to this packet. We assume that this packet
+                 * closed/aborted connection. We have to go back and create a
-                 * has no conntrack assigned. This is used by nf_ct_tcp. */
+                 * fresh conntrack.
+                 */
                if (ret == NF_REPEAT)
-                        skb->nfct = (struct nf_conntrack *)tmpl;
+                        goto repeat;
                else
                        nf_ct_put(tmpl);
        }
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 31045ef44a82..9b8a028b7dad 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -725,12 +725,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
                        skb->nfctinfo = IP_CT_NEW;
                }
-                /* Repeat if requested, see nf_iterate(). */
+                err = nf_conntrack_in(net, info->family,
-                do {
+                                      NF_INET_PRE_ROUTING, skb);
-                        err = nf_conntrack_in(net, info->family,
-                                              NF_INET_PRE_ROUTING, skb);
-                } while (err == NF_REPEAT);
                if (err != NF_ACCEPT)
                        return -ENOENT;

diff --git a/net/netfilter/core.c b/net/netfilter/core.c index bd9272eeccb5..de30e08d58f2 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c
@@ -322,8 +322,6 @@ int nf_hook_slow(struct sk_buff skb, struct nf_hook_state state,
322	if (ret == 0)	322	if (ret == 0)
323	ret = -EPERM;	323	ret = -EPERM;
324	return ret;	324	return ret;
325	case NF_REPEAT:
326	continue;
327	case NF_QUEUE:	325	case NF_QUEUE:
328	ret = nf_queue(skb, state, &entry, verdict);	326	ret = nf_queue(skb, state, &entry, verdict);
329	if (ret == 1 && entry)	327	if (ret == 1 && entry)


diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index df2f5a3901df..de4b8a75f30b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c
@@ -1305,7 +1305,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
1305	if (skb->nfct)	1305	if (skb->nfct)
1306	goto out;	1306	goto out;
1307	}	1307	}
1308		1308	repeat:
1309	ct = resolve_normal_ct(net, tmpl, skb, dataoff, pf, protonum,	1309	ct = resolve_normal_ct(net, tmpl, skb, dataoff, pf, protonum,
1310	l3proto, l4proto, &set_reply, &ctinfo);	1310	l3proto, l4proto, &set_reply, &ctinfo);
1311	if (!ct) {	1311	if (!ct) {
@@ -1345,11 +1345,12 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
1345	nf_conntrack_event_cache(IPCT_REPLY, ct);	1345	nf_conntrack_event_cache(IPCT_REPLY, ct);
1346	out:	1346	out:
1347	if (tmpl) {	1347	if (tmpl) {
1348	/* Special case: we have to repeat this hook, assign the	1348	/* Special case: TCP tracker reports an attempt to reopen a
1349	* template again to this packet. We assume that this packet	1349	* closed/aborted connection. We have to go back and create a
1350	* has no conntrack assigned. This is used by nf_ct_tcp. */	1350	* fresh conntrack.
		1351	*/
1351	if (ret == NF_REPEAT)	1352	if (ret == NF_REPEAT)
1352	skb->nfct = (struct nf_conntrack *)tmpl;	1353	goto repeat;
1353	else	1354	else
1354	nf_ct_put(tmpl);	1355	nf_ct_put(tmpl);
1355	}	1356	}


diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 31045ef44a82..9b8a028b7dad 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c
@@ -725,12 +725,8 @@ static int __ovs_ct_lookup(struct net net, struct sw_flow_key key,
725	skb->nfctinfo = IP_CT_NEW;	725	skb->nfctinfo = IP_CT_NEW;
726	}	726	}
727		727
728	/* Repeat if requested, see nf_iterate(). */	728	err = nf_conntrack_in(net, info->family,
729	do {	729	NF_INET_PRE_ROUTING, skb);
730	err = nf_conntrack_in(net, info->family,
731	NF_INET_PRE_ROUTING, skb);
732	} while (err == NF_REPEAT);
733
734	if (err != NF_ACCEPT)	730	if (err != NF_ACCEPT)
735	return -ENOENT;	731	return -ENOENT;
736		732