Merge branch 'upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...

[linux-2.6] / net / netfilter / nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 62bb509f05d4fc4bf32a7b0eb9db0ff0c8e972c5..d622ddf08bb05d2cc23a2f6c5672d66edadb23aa 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -188,7 +188,7 @@ extern struct nf_conntrack_protocol nf_conntrack_generic_protocol;
 struct nf_conntrack_protocol *
 __nf_ct_proto_find(u_int16_t l3proto, u_int8_t protocol)
 {
-       if (unlikely(nf_ct_protos[l3proto] == NULL))
+       if (unlikely(l3proto >= AF_MAX || nf_ct_protos[l3proto] == NULL))
                return &nf_conntrack_generic_protocol;
 
        return nf_ct_protos[l3proto][protocol];
@@ -1556,6 +1556,8 @@ void nf_conntrack_cleanup(void)
 {
        int i;
 
+       ip_ct_attach = NULL;
+
        /* This makes sure all current packets have passed through
           netfilter framework.  Roll on, two-stage module
           delete... */
@@ -1715,6 +1717,9 @@ int __init nf_conntrack_init(void)
                nf_ct_l3protos[i] = &nf_conntrack_generic_l3proto;
         write_unlock_bh(&nf_conntrack_lock);
 
+       /* For use by REJECT target */
+       ip_ct_attach = __nf_conntrack_attach;
+
        /* Set up fake conntrack:
            - to never be deleted, not in any hashes */
        atomic_set(&nf_conntrack_untracked.ct_general.use, 1);