[NETFILTER]: Clean NAT status bits on module unload

another patch which I think should go in 2.6.11, it fixes a crash
when unloading, then reloading iptable_nat.

ip_nat_core doesn't clear the status bits in struct ip_conntrack on
module unload, but zeroes out the nat area. When the module is loaded
again and a connection times out ip_nat_cleanup_conntrack tries to
list_del the zeroed list-head and crashes. There are probably more
conditions under which it can crash or cause other misbehaviour.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index af59256d9fe49cdae716f948940275abcb5def64..162ceacfc29a86f8f0f44886a5c5f9d4c4601f30 100644 (file)
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -543,6 +543,7 @@ int __init ip_nat_init(void)
 static int clean_nat(struct ip_conntrack *i, void *data)
 {
        memset(&i->nat, 0, sizeof(i->nat));
+       i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
        return 0;
 }