SRU request for LP#239215

Colin Ian King colin.king at
Mon Sep 22 18:20:38 UTC 2008

SRU justification:

Impact: Kernel panics when using 8.0.4 server for a pair of redundant
firewalls with keepalived and conntrackd. Specifically, running
conntrack -c the kernel oops and panics.

Fix: Backport of upstream commits:

 - [NETFILTER]: nf_conntrack: fix ct_extend ->move operation
 - [NETFILTER]: nf_conntrack: replace horrible hack with ksize()
 - netfilter: nf_conntrack: fix ctnetlink related crash in
 - netfilter: nf_nat: fix RCU races


Patch tested in my PPA by Rainer Sabelka:

Attached: The patch

Note: This patch modifies include/net/netfilter/nf_conntrack_extend.h
and is an ABI bumper.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-UBUNTU-netfilter-fix-kernel-panic-from-conntrackd.patch
Type: text/x-patch
Size: 5304 bytes
Desc: not available
URL: <>

More information about the kernel-team mailing list