ACK: [SRU][Xenial][PATCH 1/1] Revert "netfilter: synproxy: fix conntrackd interaction"
Colin Ian King
colin.king at canonical.com
Wed Aug 9 21:11:25 UTC 2017
On 09/08/17 22:05, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1709032
>
> This reverts commit 2ad4caea651e1cc0fc86111ece9f9d74de825b78.
> ---
> net/netfilter/nf_conntrack_netlink.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index e565b2b..9f52729 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -45,8 +45,6 @@
> #include <net/netfilter/nf_conntrack_zones.h>
> #include <net/netfilter/nf_conntrack_timestamp.h>
> #include <net/netfilter/nf_conntrack_labels.h>
> -#include <net/netfilter/nf_conntrack_seqadj.h>
> -#include <net/netfilter/nf_conntrack_synproxy.h>
> #ifdef CONFIG_NF_NAT_NEEDED
> #include <net/netfilter/nf_nat_core.h>
> #include <net/netfilter/nf_nat_l4proto.h>
> @@ -1800,8 +1798,6 @@ ctnetlink_create_conntrack(struct net *net,
> nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
> nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
> nf_ct_labels_ext_add(ct);
> - nfct_seqadj_ext_add(ct);
> - nfct_synproxy_ext_add(ct);
>
> /* we must add conntrack extensions before confirmation. */
> ct->status |= IPS_CONFIRMED;
>
Seems reasonable revert to do to address this issue.
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list