From: Gao Feng <fgao@ikuai8.com>
Date: Thu, 6 Apr 2017 01:45:22 +0000 (+0800)
Subject: netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage
X-Git-Tag: v6.6-pxa1908~16892^2^2
X-Git-Url: https://git.dujemihanovic.xyz/?a=commitdiff_plain;h=fe50543c194e2e1aee2f3eba41fcafd187b3dbde;p=linux.git

netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage

Current codes invoke wrongly nf_ct_netns_get in the destroy routine,
it should use nf_ct_netns_put, not nf_ct_netns_get.
It could cause some modules could not be unloaded.

Fixes: ecb2421b5ddf ("netfilter: add and use nf_ct_netns_get/put")
Signed-off-by: Gao Feng <fgao@ikuai8.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 52f26459efc3..9b8841316e7b 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -461,7 +461,7 @@ static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)
 
 	clusterip_config_put(cipinfo->config);
 
-	nf_ct_netns_get(par->net, par->family);
+	nf_ct_netns_put(par->net, par->family);
 }
 
 #ifdef CONFIG_COMPAT