net: sched: act_connmark: don't zap skb->nfct

This action is meant to be passive, i.e. we should not alter
skb->nfct: If nfct is present just leave it alone.

Compile tested only.

Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index 8e472518f9f6856dcd5802c16373b6579f7284eb..295d14bd6c678c31b56219371df83d4ebe3b0a2c 100644 (file)
--- a/net/sched/act_connmark.c
+++ b/net/sched/act_connmark.c
@@ -63,7 +63,6 @@ static int tcf_connmark(struct sk_buff *skb, const struct tc_action *a,
                skb->mark = c->mark;
                /* using overlimits stats to count how many packets marked */
                ca->tcf_qstats.overlimits++;
-               nf_ct_put(c);
                goto out;
        }
 
@@ -82,7 +81,6 @@ static int tcf_connmark(struct sk_buff *skb, const struct tc_action *a,
        nf_ct_put(c);
 
 out:
-       skb->nfct = NULL;
        spin_unlock(&ca->tcf_lock);
        return ca->tcf_action;
 }