From 99579db1ef1da95d98245e5e9add8243040f68e3 Mon Sep 17 00:00:00 2001
From: xieping <xpinglsr@gmail.com>
Date: Mon, 5 Feb 2018 19:07:22 +0800
Subject: [PATCH] linux 2.6.36 netfilter conntrack: Fix conntrack table full error when low
 memory

net->ct.count is incremented at the beginning of nf_conntrack_alloc. When
memory is low, nf_ct_zone = nf_ct_ext_add(ct, NF_CT_EXT_ZONE, GFP_ATOMIC)
returns NULL and the code jumps to out_free. In this case net->ct.count
must be decremented again.

Signed-off-by: xieping <xpinglsr@gmail.com>
---
 net/netfilter/nf_conntrack_core.c |    1 +
 1 file changed, 1 insertion(+)
 mode change 100644 => 100755 net/netfilter/nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
old mode 100644
new mode 100755
index a37a6b1..c16ee44
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -639,6 +639,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net, u16 zone,
 
 #ifdef CONFIG_NF_CONNTRACK_ZONES
 out_free:
+	atomic_dec(&net->ct.count);
 	kmem_cache_free(net->ct.nf_conntrack_cachep, ct);
 	return ERR_PTR(-ENOMEM);
 #endif
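Review bot: The new `atomic_dec(&net->ct.count);` under `out_free:` carries no comment tying it to the increment that the commit message places at the start of nf_conntrack_alloc, which lies outside this hunk; I would add `/* undo the ct.count increment taken on entry; a leaked count makes the table appear full and new connections get dropped */` above it. Separately, the patch header flips the file mode from 100644 to 100755, which is unrelated to the fix and should be dropped so the C source is not marked executable. The label is only compiled under `CONFIG_NF_CONNTRACK_ZONES`, so it is worth confirming that any other failure exit taken after the increment also decrements the counter; that cannot be checked from the lines shown here.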
-- 
1.7.9.5

