Re: [PATCH] [net:netfilter]: Keep conntrack reference until IPsecv6 policy checks are done

[Florian Westphal]

Madhu Koriginja <madhu.koriginja@xxxxxxx> wrote:
> Keep the conntrack reference until policy checks have been performed for
> IPsec V6 NAT support. The reference needs to be dropped before a packet is
> queued to avoid having the conntrack module unloadable.

Subject Line should be:

[PATCH net] net: netfilter: Keep conntrack reference until IPsecv6 policy checks are done
or
[PATCH net-next] net: netfilter: Keep ..

see below why net-next makes more sense to me.

> Signed-off-by: Madhu Koriginja <madhu.koriginja@xxxxxxx>
> 	V1-V2: added missing () in ip6_input.c in below condition
> 	if (!(ipprot->flags & INET6_PROTO_NOPOLICY))

This should appear before your signed-off-by, or 
> ---
>  net/dccp/ipv6.c      |  1 +

... here.

I think its fine to place it here because in this case
the mini-changelog doesn't provide any additional context
worth keeping in git.

Paolo, Jakub, David: This is a bug, but its not a regression
either.  I would suggest that Madhu resubmits this AFTER
net-next re-opens.

Madhu, if thats the agreed-upon procedure, you may include

Reviewed-by: Florian Westphal <fw@xxxxxxxxx>

when you resend this patch as-is.