diff options
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index e61511929c66..84f4fcc5884b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -942,8 +942,15 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum, | |||
942 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) | 942 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) |
943 | nf_conntrack_event_cache(IPCT_REPLY, ct); | 943 | nf_conntrack_event_cache(IPCT_REPLY, ct); |
944 | out: | 944 | out: |
945 | if (tmpl) | 945 | if (tmpl) { |
946 | nf_ct_put(tmpl); | 946 | /* Special case: we have to repeat this hook, assign the |
947 | * template again to this packet. We assume that this packet | ||
948 | * has no conntrack assigned. This is used by nf_ct_tcp. */ | ||
949 | if (ret == NF_REPEAT) | ||
950 | skb->nfct = (struct nf_conntrack *)tmpl; | ||
951 | else | ||
952 | nf_ct_put(tmpl); | ||
953 | } | ||
947 | 954 | ||
948 | return ret; | 955 | return ret; |
949 | } | 956 | } |