GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-28 01:21:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[NETFILTER]: Keep conntrack reference until IPsec policy checks are done

Browse source 
Keep the conntrack reference until policy checks have been performed for
IPsec NAT support. The reference needs to be dropped before a packet is
queued to avoid having the conntrack module unloadable.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2006-01-06 23:06:10 -08:00 committed by David S. Miller
parent 5c901daaea
commit b59c270104
6 changed files with 12 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

1
net/sctp/input.c
View file

@ -225,6 +225,7 @@ int sctp_rcv(struct sk_buff *skb)
if (!xfrm_policy_check(sk, XFRM_POLICY_IN, skb, family))
goto discard_release;
nf_reset(skb);
ret = sk_filter(sk, skb, 1);
if (ret)