• Patrick McHardy's avatar
    [NETFILTER]: Fix connection tracking bug in 2.6.12 · 9666dae5
    Patrick McHardy authored
    In 2.6.12 we started dropping the conntrack reference when a packet
    leaves the IP layer. This broke connection tracking on a bridge,
    because bridge-netfilter defers calling some NF_IP_* hooks to the bridge
    layer for locally generated packets going out a bridge, where the
    conntrack reference is no longer available. This patch keeps the
    reference in this case as a temporary solution, long term we will
    remove the defered hook calling. No attempt is made to drop the
    reference in the bridge-code when it is no longer needed, tc actions
    could already have sent the packet anywhere.
    Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    9666dae5
ip_output.c 32.9 KB