Sebastian Gottschall <s.gottschall@xxxxxxxxxx> wrote:
> your patch is not clean
Please stop top-posting.
> patching file net/netfilter/nf_nat_core.c
> Hunk #7 succeeded at 550 (offset 6 lines).
> Hunk #8 FAILED at 672.
> Hunk #9 succeeded at 819 (offset 10 lines).
> Hunk #10 succeeded at 852 (offset 10 lines).
> Hunk #11 succeeded at 872 (offset 10 lines).
>
> nf_nat_cleanup_conntrack is wrong
>
> your patch
>
> @@ -672,9 +645,11 @@ EXPORT_SYMBOL_GPL(nf_nat_l3proto_unregister);
> /* No one using conntrack by the time this called. */
> static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
> {
> - if (ct->status & IPS_SRC_NAT_DONE)
> - rhltable_remove(&nf_nat_bysource_table, &ct->nat_bysource,
> - nf_nat_bysource_params);
> + if (ct->status & IPS_SRC_NAT_DONE) {
> + spin_lock_bh(&nf_nat_lock);
> + hlist_del_rcu(&ct->nat_bysource);
> + spin_unlock_bh(&nf_nat_lock);
> + }
> }
It assumes
git cherry-pick 6e699867f84c0f358fed233fe6162173aca28e04
to get the IPS_SRC_NAT_DONE test.