# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/03/28 22:23:34+02:00 kernel@linuxace.com
# [NETFILTER]: Drop conntrack reference when packet leaves IP
#
# In the event a raw socket is created for sending purposes only, the creator
# never bothers to check the socket's receive queue. But we continue to
# add skbs to its queue until it fills up.
#
# Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
# queue potentially holds a reference to a conntrack. If the user attempts
# to unload ip_conntrack, we will spin around forever since the queued skbs
# are pinned.
#
# Signed-off-by: Patrick McHardy
#
# net/ipv4/netfilter/ip_conntrack_standalone.c
# 2005/03/28 22:23:25+02:00 kernel@linuxace.com +0 -7
# [NETFILTER]: Drop conntrack reference when packet leaves IP
#
# In the event a raw socket is created for sending purposes only, the creator
# never bothers to check the socket's receive queue. But we continue to
# add skbs to its queue until it fills up.
#
# Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
# queue potentially holds a reference to a conntrack. If the user attempts
# to unload ip_conntrack, we will spin around forever since the queued skbs
# are pinned.
#
# Signed-off-by: Patrick McHardy
#
# net/ipv4/ip_output.c
# 2005/03/28 22:23:25+02:00 kernel@linuxace.com +2 -0
# [NETFILTER]: Drop conntrack reference when packet leaves IP
#
# In the event a raw socket is created for sending purposes only, the creator
# never bothers to check the socket's receive queue. But we continue to
# add skbs to its queue until it fills up.
#
# Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
# queue potentially holds a reference to a conntrack. If the user attempts
# to unload ip_conntrack, we will spin around forever since the queued skbs
# are pinned.
#
# Signed-off-by: Patrick McHardy
#
diff -Nru a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
--- a/net/ipv4/ip_output.c 2005-04-18 04:00:03 +02:00
+++ b/net/ipv4/ip_output.c 2005-04-18 04:00:03 +02:00
@@ -195,6 +195,8 @@
 nf_debug_ip_finish_output2(skb);
 #endif /*CONFIG_NETFILTER_DEBUG*/
+ nf_reset(skb);
+
 if (hh) {
 int hh_alen;
diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-04-18 04:00:03 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-04-18 04:00:03 +02:00
@@ -423,13 +423,6 @@
 const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
- /* Previously seen (loopback)? Ignore. Do this before
- fragment check. */
- if ((*pskb)->nfct)
- return NF_ACCEPT;
-#endif
-
 /* Gather fragments. */
 if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
 *pskb = ip_ct_gather_frags(*pskb,
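Review bot: The added `nf_reset(skb);` ahead of the `if (hh)` block in net/ipv4/ip_output.c carries no comment, so the reason for it lives only in the commit message, and a later cleanup could drop it and bring back the unload hang caused by queued skbs pinning a conntrack. I would put `/* Drop the conntrack reference once the packet leaves IP: an skb left on an unread receive queue must not pin ip_conntrack. */` directly above the call. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that every path handing an skb onward passes this line. That is worth checking, because any path that bypasses it would presumably still hold the reference.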