Do conntrack cleanup in netns which messenger netdevice came from.
Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
---
 net/ipv4/netfilter/ipt_MASQUERADE.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -120,16 +120,13 @@ static int masq_device_event(struct notifier_block *this,
 {
 const struct net_device *dev = ptr;
- if (!net_eq(dev_net(dev), &init_net))
- return NOTIFY_DONE;
-
 if (event == NETDEV_DOWN) {
 /* Device was downed. Search entire table for conntracks which were associated with that device, and forget them. */
 NF_CT_ASSERT(dev->ifindex != 0);
- nf_ct_iterate_cleanup(&init_net, device_cmp, (void *)(long)dev->ifindex);
+ nf_ct_iterate_cleanup(dev_net(dev), device_cmp, (void *)(long)dev->ifindex);
 }
 return NOTIFY_DONE;
--
1.5.4.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
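Review bot: The block comment in the `NETDEV_DOWN` branch still says "Search entire table", but the call under it now walks only the conntrack table of `dev_net(dev)`, so the comment should name that scope, for example `/* Device was downed. Search the conntrack table of the device's netns for entries associated with it, and forget them. */`. The comment could also record why the scope matters: the match key handed to `device_cmp` is just `dev->ifindex`, so presumably the cleanup is only correct when the walk is confined to the namespace that owns the device. `device_cmp` is not visible in this hunk, so that should be confirmed against its body. The function's signature and its closing brace lie outside the hunk.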