Revert "netfilter: nf_tables: prevent nf_skb_duplicated corruption"

This reverts commit ec98d49424.

net/ipv4/netfilter/nf_dup_ipv4.c

@@ -52,9 +52,8 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 {
 	struct iphdr *iph;
 
-	local_bh_disable();
 	if (this_cpu_read(nf_skb_duplicated))
-		goto out;
+		return;
 	/*
 	 * Copy the skb, and route the copy. Will later return %XT_CONTINUE for
 	 * the original skb, which should continue on its way as if nothing has
@@ -62,7 +61,7 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 	 */
 	skb = pskb_copy(skb, GFP_ATOMIC);
 	if (skb == NULL)
-		goto out;
+		return;
 
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 	/* Avoid counting cloned packets towards the original connection. */
@@ -91,8 +90,6 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 	} else {
 		kfree_skb(skb);
 	}
-out:
-	local_bh_enable();
 }
 EXPORT_SYMBOL_GPL(nf_dup_ipv4);
 

net/ipv6/netfilter/nf_dup_ipv6.c

@@ -47,12 +47,11 @@ static bool nf_dup_ipv6_route(struct net *net, struct sk_buff *skb,
 void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 		 const struct in6_addr *gw, int oif)
 {
-	local_bh_disable();
 	if (this_cpu_read(nf_skb_duplicated))
-		goto out;
+		return;
 	skb = pskb_copy(skb, GFP_ATOMIC);
 	if (skb == NULL)
-		goto out;
+		return;
 
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 	nf_reset_ct(skb);
@@ -70,8 +69,6 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 	} else {
 		kfree_skb(skb);
 	}
-out:
-	local_bh_enable();
 }
 EXPORT_SYMBOL_GPL(nf_dup_ipv6);