On Fri, Mar 03, 2023 at 10:58:56AM +0100, Florian Westphal wrote: > The xtables packet traverser performs an unconditional local_bh_disable(), > but the nf_tables evaluation loop does not. > > Functions that are called from either xtables or nftables must assume > that they can be called in process context. > > inet_twsk_deschedule_put() assumes that no softirq interrupt can occur. > If tproxy is used from nf_tables its possible that we'll deadlock > trying to aquire a lock already held in process context. > > Add a small helper that takes care of this and use it. Applied, thanks
