Pablo Neira Ayuso wrote: > Patrick McHardy wrote: >>>> I think you could avoid this mess by using a struct nf_conntrack >>>> for the untracked conntrack instead of struct nf_conn. It shouldn't >>>> make any difference since its ignored anyways. >>> Ewww, can I? >> I hope so :) A different possiblity suggest by Pablo some time ago >> would be to mark untracked packets in skb->nfctinfo and not >> attach a conntrack at all. > > Indeed, I remember that :). I left that patch of the table time ago [1]. > There's a nf_reset call missing as Patrick said at that time. I can > recover it if you like the idea. I think that would be a good idea. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
