Hi Dave!

This is the 5th of my 2.6 merge of recent bugfixes (all tested against
2.6.0-test7).  You might need to apply them incrementally (didn't test
it in a different order).

Author: Adrian Bunk <bunk@fs.tum.de>, Harald Welte <laforge@netfilter.org>

Add the missing Configure.help entry for ipt_recent

Please apply,

diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.6.0-test1-nftest4/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ip_conntrack_core.c
--- linux-2.6.0-test1-nftest4/net/ipv4/netfilter/ip_conntrack_core.c	2003-07-14 05:28:52.000000000 +0200
+++ linux-2.6.0-test1-nftest5/net/ipv4/netfilter/ip_conntrack_core.c	2003-07-19 16:36:58.000000000 +0200
@@ -251,7 +251,7 @@
 }
 
 /* delete all unconfirmed expectations for this conntrack */
-static void remove_expectations(struct ip_conntrack *ct)
+static void remove_expectations(struct ip_conntrack *ct, int drop_refcount)
 {
 	struct list_head *exp_entry, *next;
 	struct ip_conntrack_expect *exp;
@@ -266,8 +266,11 @@
 		 * the un-established ones only */
 		if (exp->sibling) {
 			DEBUGP("remove_expectations: skipping established %p of %p\n", exp->sibling, ct);
-			/* Indicate that this expectations parent is dead */
-			exp->expectant = NULL;
+			if (drop_refcount) {
+				/* Indicate that this expectations parent is dead */
+				ip_conntrack_put(exp->expectant);
+				exp->expectant = NULL;
+			}
 			continue;
 		}
 
@@ -292,7 +295,7 @@
 		    &ct->tuplehash[IP_CT_DIR_REPLY]);
 
 	/* Destroy all un-established, pending expectations */
-	remove_expectations(ct);
+	remove_expectations(ct, 1);
 }
 
 static void
@@ -1117,7 +1120,7 @@
 {
 	if (i->ctrack->helper == me) {
 		/* Get rid of any expected. */
-		remove_expectations(i->ctrack);
+		remove_expectations(i->ctrack, 0);
 		/* And *then* set helper to NULL */
 		i->ctrack->helper = NULL;
 	}

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie