On Tuesday 2009-06-30 21:06, David Miller wrote:
>Adding appropriate lists and persons to CC:
>
>> On Tue, Jun 30, 2009 at 05:27:47PM +0100, Mark McLoughlin wrote:
>>>
>>> However, because nf_conntrack introduces an skb_orphan(), it is now
>>> recommended that bridge-nf-call-iptables be disabled completely so as
>>> to ensure features like TUNSETSNDBUF work as expected.
>>
>> Patrick, does conntrack ever make sense for bridging? Perhaps
>> we should get rid of that completely?

It makes sense absolutely. Consider:

* packet enters bridge
* NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, ...) is called by nr_netfilter.c
* (connection tracking entry is set up)
* let bridging decision be "local delivery"