[NETFILTER]: Drop conntrack reference in ip_call_ra_chain()/ip_mr_input()
Drop reference before handing the packets to raw_rcv()
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 2b7485e..af2ec88 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -184,6 +184,7 @@
raw_rcv(last, skb2);
}
last = sk;
+ nf_reset(skb);
}
}
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index e21c049..e4f809a 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1350,6 +1350,7 @@
*/
read_lock(&mrt_lock);
if (mroute_socket) {
+ nf_reset(skb);
raw_rcv(mroute_socket, skb);
read_unlock(&mrt_lock);
return 0;