4 files changed, 4 insertions, 4 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_core.h b/include/linux/netfilter_ipv4/ip_conntrack_core.h
index 907d4f5ca5dc..e3a6df07aa4b 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_core.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_core.h
@@ -45,7 +45,7 @@ static inline int ip_conntrack_confirm(struct sk_buff **pskb)
        int ret = NF_ACCEPT;
        if (ct) {
-                if (!is_confirmed(ct))
+                if (!is_confirmed(ct) && !is_dying(ct))
                        ret = __ip_conntrack_confirm(pskb);
                ip_ct_deliver_cached_events(ct);
        }
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 7fdc72c01356..85634e1865c3 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -64,7 +64,7 @@ static inline int nf_conntrack_confirm(struct sk_buff **pskb)
        int ret = NF_ACCEPT;
        if (ct) {
-                if (!nf_ct_is_confirmed(ct))
+                if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
                        ret = __nf_conntrack_confirm(pskb);
                nf_ct_deliver_cached_events(ct);
        }
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 07ba1dd136b5..23b99ae2cc37 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1254,7 +1254,7 @@ get_next_corpse(int (*iter)(struct ip_conntrack *i, void *data),
        list_for_each_entry(h, &unconfirmed, list) {
                ct = tuplehash_to_ctrack(h);
                if (iter(ct, data))
-                        goto found;
+                        set_bit(IPS_DYING_BIT, &ct->status);
        }
        write_unlock_bh(&ip_conntrack_lock);
        return NULL;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 32891ebc9e68..4fdf4849baf8 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1070,7 +1070,7 @@ get_next_corpse(int (*iter)(struct nf_conn *i, void *data),
        list_for_each_entry(h, &unconfirmed, list) {
                ct = nf_ct_tuplehash_to_ctrack(h);
                if (iter(ct, data))
-                        goto found;
+                        set_bit(IPS_DYING_BIT, &ct->status);
        }
        write_unlock_bh(&nf_conntrack_lock);
        return NULL;

diff --git a/include/linux/netfilter_ipv4/ip_conntrack_core.h b/include/linux/netfilter_ipv4/ip_conntrack_core.h index 907d4f5ca5dc..e3a6df07aa4b 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_core.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_core.h
@@ -45,7 +45,7 @@ static inline int ip_conntrack_confirm(struct sk_buff **pskb)
45	int ret = NF_ACCEPT;	45	int ret = NF_ACCEPT;
46		46
47	if (ct) {	47	if (ct) {
48	if (!is_confirmed(ct))	48	if (!is_confirmed(ct) && !is_dying(ct))
49	ret = __ip_conntrack_confirm(pskb);	49	ret = __ip_conntrack_confirm(pskb);
50	ip_ct_deliver_cached_events(ct);	50	ip_ct_deliver_cached_events(ct);
51	}	51	}


diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 7fdc72c01356..85634e1865c3 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h
@@ -64,7 +64,7 @@ static inline int nf_conntrack_confirm(struct sk_buff **pskb)
64	int ret = NF_ACCEPT;	64	int ret = NF_ACCEPT;
65		65
66	if (ct) {	66	if (ct) {
67	if (!nf_ct_is_confirmed(ct))	67	if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
68	ret = __nf_conntrack_confirm(pskb);	68	ret = __nf_conntrack_confirm(pskb);
69	nf_ct_deliver_cached_events(ct);	69	nf_ct_deliver_cached_events(ct);
70	}	70	}


diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 07ba1dd136b5..23b99ae2cc37 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1254,7 +1254,7 @@ get_next_corpse(int (iter)(struct ip_conntrack i, void *data),
1254	list_for_each_entry(h, &unconfirmed, list) {	1254	list_for_each_entry(h, &unconfirmed, list) {
1255	ct = tuplehash_to_ctrack(h);	1255	ct = tuplehash_to_ctrack(h);
1256	if (iter(ct, data))	1256	if (iter(ct, data))
1257	goto found;	1257	set_bit(IPS_DYING_BIT, &ct->status);
1258	}	1258	}
1259	write_unlock_bh(&ip_conntrack_lock);	1259	write_unlock_bh(&ip_conntrack_lock);
1260	return NULL;	1260	return NULL;


diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 32891ebc9e68..4fdf4849baf8 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c
@@ -1070,7 +1070,7 @@ get_next_corpse(int (iter)(struct nf_conn i, void *data),
1070	list_for_each_entry(h, &unconfirmed, list) {	1070	list_for_each_entry(h, &unconfirmed, list) {
1071	ct = nf_ct_tuplehash_to_ctrack(h);	1071	ct = nf_ct_tuplehash_to_ctrack(h);
1072	if (iter(ct, data))	1072	if (iter(ct, data))
1073	goto found;	1073	set_bit(IPS_DYING_BIT, &ct->status);
1074	}	1074	}
1075	write_unlock_bh(&nf_conntrack_lock);	1075	write_unlock_bh(&nf_conntrack_lock);
1076	return NULL;	1076	return NULL;