On Thu, Feb 11, 2010 at 7:59 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> Alexey Dobriyan wrote:
>> --- a/net/bridge/br_netfilter.c
>> +++ b/net/bridge/br_netfilter.c
>> @@ -792,9 +792,11 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
>> }
>>
>> #if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
>> +#include <net/netfilter/nf_conntrack.h>
>> +
>> static int br_nf_dev_queue_xmit(struct sk_buff *skb)
>> {
>> - if (skb->nfct != NULL &&
>> + if ((skb->nfct != NULL || nf_ct_is_untracked(skb)) &&
>
> Seems unnecessary since nfct should be NULL when the conntrack
> is untracked.
Before untracked connections would pass the test, so additional check required.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
