[SRU,Xenial,1/1] Revert "netfilter: synproxy: fix conntrackd interaction"

Message ID 36a9cbc7a972dc233ebb3918c513030267057ac3.1502312354.git.joseph.salisbury@canonical.com
State New
Headers show

Commit Message

Joseph Salisbury Aug. 9, 2017, 9:05 p.m.
BugLink: http://bugs.launchpad.net/bugs/1709032

This reverts commit 2ad4caea651e1cc0fc86111ece9f9d74de825b78.
---
 net/netfilter/nf_conntrack_netlink.c | 4 ----
 1 file changed, 4 deletions(-)

Comments

Colin Ian King Aug. 9, 2017, 9:11 p.m. | #1
On 09/08/17 22:05, Joseph Salisbury wrote:
> BugLink: http://bugs.launchpad.net/bugs/1709032
> 
> This reverts commit 2ad4caea651e1cc0fc86111ece9f9d74de825b78.
> ---
>  net/netfilter/nf_conntrack_netlink.c | 4 ----
>  1 file changed, 4 deletions(-)
> 
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index e565b2b..9f52729 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -45,8 +45,6 @@
>  #include <net/netfilter/nf_conntrack_zones.h>
>  #include <net/netfilter/nf_conntrack_timestamp.h>
>  #include <net/netfilter/nf_conntrack_labels.h>
> -#include <net/netfilter/nf_conntrack_seqadj.h>
> -#include <net/netfilter/nf_conntrack_synproxy.h>
>  #ifdef CONFIG_NF_NAT_NEEDED
>  #include <net/netfilter/nf_nat_core.h>
>  #include <net/netfilter/nf_nat_l4proto.h>
> @@ -1800,8 +1798,6 @@ ctnetlink_create_conntrack(struct net *net,
>  	nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
>  	nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
>  	nf_ct_labels_ext_add(ct);
> -	nfct_seqadj_ext_add(ct);
> -	nfct_synproxy_ext_add(ct);
>  
>  	/* we must add conntrack extensions before confirmation. */
>  	ct->status |= IPS_CONFIRMED;
> 

Seems reasonable revert to do to address this issue.

Acked-by: Colin Ian King <colin.king@canonical.com>
Kleber Souza Aug. 11, 2017, 10:44 a.m. | #2
Applied on xenial/master-next branch. Thanks.

Patch

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index e565b2b..9f52729 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -45,8 +45,6 @@ 
 #include <net/netfilter/nf_conntrack_zones.h>
 #include <net/netfilter/nf_conntrack_timestamp.h>
 #include <net/netfilter/nf_conntrack_labels.h>
-#include <net/netfilter/nf_conntrack_seqadj.h>
-#include <net/netfilter/nf_conntrack_synproxy.h>
 #ifdef CONFIG_NF_NAT_NEEDED
 #include <net/netfilter/nf_nat_core.h>
 #include <net/netfilter/nf_nat_l4proto.h>
@@ -1800,8 +1798,6 @@  ctnetlink_create_conntrack(struct net *net,
 	nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
 	nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
 	nf_ct_labels_ext_add(ct);
-	nfct_seqadj_ext_add(ct);
-	nfct_synproxy_ext_add(ct);
 
 	/* we must add conntrack extensions before confirmation. */
 	ct->status |= IPS_CONFIRMED;