On Friday 2010-02-12 13:24, Alexey Dobriyan wrote: >On Thu, Feb 11, 2010 at 8:04 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: >> On Thursday 2010-02-11 18:59, Patrick McHardy wrote: >>>Alexey Dobriyan wrote: >>>> This is netns NOTRACK fix we discussed earlier. >>>> >>>> The idea was to remove nf_conntrack_untracked and >>>> declare that ->nfct=NULL and ->nfctinfo=IP_CT_UNTRACKED are untracked >>>> connections. >> >> As invalid connections used nfct=NULL, how are they now >> checked for? > >Sorry? if ->nfct == NULL && ->nfctinfo == IP_CT_UNTRACKED, >then untracked, otherwise invalid. >Additional checks were inserted where necesary. I was under the impression that (before your commit), when ->nfct is NULL, then ->nfctinfo is undefined, but in fact, net/core/skbuff.c explicitly zeroes it, so invalid conncetions will have nfctinfo==IP_CT_ESTABLISHED in practice. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
