netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage
authorGao Feng <fgao@ikuai8.com>
Thu, 6 Apr 2017 01:45:22 +0000 (09:45 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 13 Apr 2017 21:21:40 +0000 (23:21 +0200)
Current codes invoke wrongly nf_ct_netns_get in the destroy routine,
it should use nf_ct_netns_put, not nf_ct_netns_get.
It could cause some modules could not be unloaded.

Fixes: ecb2421b5ddf ("netfilter: add and use nf_ct_netns_get/put")
Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/ipt_CLUSTERIP.c

index 52f26459efc345a8a0c00d356306fb5fd398547e..9b8841316e7b94e375cc52d0dfd7f9fe89205195 100644 (file)
@@ -461,7 +461,7 @@ static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)
 
        clusterip_config_put(cipinfo->config);
 
-       nf_ct_netns_get(par->net, par->family);
+       nf_ct_netns_put(par->net, par->family);
 }
 
 #ifdef CONFIG_COMPAT