[PATCH] netfilter: conntrack: fix cloned skb __nf_conntrack_confirm race

From: Chieh-Min Wang For bridge or multicast packets, they could cloned skb with unconfirmed conntrack which break the rule unconfirmed skb->nfct is never shared. With nfqueue running on my system, the race can be easily reproduced with following warning calltrace: [13257.707525] CPU: 0

[PATCH] netfilter: conntrack: fix cloned skb __nf_conntrack_confirm race

From: Chieh-Min Wang For bridge or multicast packets, they could cloned skb with unconfirmed conntrack which break the rule unconfirmed skb->nfct is never shared. With nfqueue running on my system, the race can be easily reproduced with following warning calltrace: [13257.707525] CPU: 0