]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 64ac74f) | patch
netfilter: keep conntrack reference until IPsecv6 policy checks are done
authorMadhu Koriginja <madhu.koriginja@nxp.com>
Tue, 21 Mar 2023 15:58:44 +0000 (21:28 +0530)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 11 May 2023 14:03:18 +0000 (23:03 +0900)
commit763d1460098b9f7b7a0d9b3cf100f3989bd896aa
treec3dd53a60384530d8d0efb961f9737d6f1d3b09dtree | snapshot
parent64ac74ffdea5483829349f04acac951fedd7e8c0commit | diff
netfilter: keep conntrack reference until IPsecv6 policy checks are done

[ Upstream commit b0e214d212030fe497d4d150bb3474e50ad5d093 ]

Keep the conntrack reference until policy checks have been performed for
IPsec V6 NAT support, just like ipv4.

The reference needs to be dropped before a packet is
queued to avoid having the conntrack module unloadable.

Fixes: 94b04de38f2a ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Madhu Koriginja <madhu.koriginja@nxp.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/dccp/ipv6.c diff | blob | history
net/ipv6/ip6_input.c diff | blob | history
net/ipv6/raw.c diff | blob | history
net/ipv6/tcp_ipv6.c diff | blob | history
net/ipv6/udp.c diff | blob | history
Linux Kernel Source Tree.