diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 30ab7b6ab761..38f69532a029 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -195,6 +195,8 @@ static inline int ip_finish_output2(struct sk_buff *skb) nf_debug_ip_finish_output2(skb); #endif /*CONFIG_NETFILTER_DEBUG*/ + nf_reset(skb); + if (hh) { int hh_alen; diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 0c29ccf62a89..46ca45f74d85 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c @@ -431,13 +431,6 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum, const struct net_device *out, int (*okfn)(struct sk_buff *)) { -#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) - /* Previously seen (loopback)? Ignore. Do this before - fragment check. */ - if ((*pskb)->nfct) - return NF_ACCEPT; -#endif - /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { *pskb = ip_ct_gather_frags(*pskb,