netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage

gfreewind · ummakynes · commit fe50543c194e · 2017-04-13T23:21:40.000+02:00
Current codes invoke wrongly nf_ct_netns_get in the destroy routine, it should use nf_ct_netns_put, not nf_ct_netns_get. It could cause some modules could not be unloaded. Fixes: ecb2421 ("netfilter: add and use nf_ct_netns_get/put") Signed-off-by: Gao Feng <fgao@ikuai8.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -461,7 +461,7 @@ static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)
 
 	clusterip_config_put(cipinfo->config);
 
-	nf_ct_netns_get(par->net, par->family);
+	nf_ct_netns_put(par->net, par->family);
 }
 
 #ifdef CONFIG_COMPAT

Original file line number	Diff line number	Diff line change
`@@ -461,7 +461,7 @@ static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)`
`461`	`461`
`462`	`462`	`clusterip_config_put(cipinfo->config);`
`463`	`463`
`464`		`- nf_ct_netns_get(par->net, par->family);`
	`464`	`+ nf_ct_netns_put(par->net, par->family);`
`465`	`465`	`}`
`466`	`466`
`467`	`467`	`#ifdef CONFIG_COMPAT`