projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 36ce998) | patch
netfilter: keep conntrack reference until IPsecv6 policy checks are done
authorMadhu Koriginja <madhu.koriginja@nxp.com>
Tue, 21 Mar 2023 15:58:44 +0000 (21:28 +0530)
committerFlorian Westphal <fw@strlen.de>
Wed, 22 Mar 2023 20:50:23 +0000 (21:50 +0100)
commitb0e214d212030fe497d4d150bb3474e50ad5d093
tree21c0b2358d1100e938e8b12f50a9d4be1860c779tree | snapshot
parent36ce9982ef2fb63fdf39996900866965d71f5a5ecommit | diff
netfilter: keep conntrack reference until IPsecv6 policy checks are done

Keep the conntrack reference until policy checks have been performed for
IPsec V6 NAT support, just like ipv4.

The reference needs to be dropped before a packet is
queued to avoid having the conntrack module unloadable.

Fixes: 58a317f1061c ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Madhu Koriginja <madhu.koriginja@nxp.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/dccp/ipv6.c diff | blob | blame | history
net/ipv6/ip6_input.c diff | blob | blame | history
net/ipv6/raw.c diff | blob | blame | history
net/ipv6/tcp_ipv6.c diff | blob | blame | history
net/ipv6/udp.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)