diff options
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index e61511929c66..84f4fcc5884b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -942,8 +942,15 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum, | |||
| 942 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) | 942 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) |
| 943 | nf_conntrack_event_cache(IPCT_REPLY, ct); | 943 | nf_conntrack_event_cache(IPCT_REPLY, ct); |
| 944 | out: | 944 | out: |
| 945 | if (tmpl) | 945 | if (tmpl) { |
| 946 | nf_ct_put(tmpl); | 946 | /* Special case: we have to repeat this hook, assign the |
| 947 | * template again to this packet. We assume that this packet | ||
| 948 | * has no conntrack assigned. This is used by nf_ct_tcp. */ | ||
| 949 | if (ret == NF_REPEAT) | ||
| 950 | skb->nfct = (struct nf_conntrack *)tmpl; | ||
| 951 | else | ||
| 952 | nf_ct_put(tmpl); | ||
| 953 | } | ||
| 947 | 954 | ||
| 948 | return ret; | 955 | return ret; |
| 949 | } | 956 | } |