Madhu Koriginja <madhu.koriginja@xxxxxxx> wrote: > Keep the conntrack reference until policy checks have been performed for > IPsec V6 NAT support. The reference needs to be dropped before a packet is > queued to avoid having the conntrack module unloadable. Subject Line should be: [PATCH net] net: netfilter: Keep conntrack reference until IPsecv6 policy checks are done or [PATCH net-next] net: netfilter: Keep .. see below why net-next makes more sense to me. > Signed-off-by: Madhu Koriginja <madhu.koriginja@xxxxxxx> > V1-V2: added missing () in ip6_input.c in below condition > if (!(ipprot->flags & INET6_PROTO_NOPOLICY)) This should appear before your signed-off-by, or > --- > net/dccp/ipv6.c | 1 + ... here. I think its fine to place it here because in this case the mini-changelog doesn't provide any additional context worth keeping in git. Paolo, Jakub, David: This is a bug, but its not a regression either. I would suggest that Madhu resubmits this AFTER net-next re-opens. Madhu, if thats the agreed-upon procedure, you may include Reviewed-by: Florian Westphal <fw@xxxxxxxxx> when you resend this patch as-is.
