Alexey Dobriyan wrote:
> On Thu, Feb 11, 2010 at 7:59 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> Alexey Dobriyan wrote:
>>> --- a/net/bridge/br_netfilter.c >>> +++ b/net/bridge/br_netfilter.c >>> @@ -792,9 +792,11 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, >>> } >>> >>> #if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE) >>> +#include <net/netfilter/nf_conntrack.h> >>> + >>> static int br_nf_dev_queue_xmit(struct sk_buff *skb) >>> { >>> - if (skb->nfct != NULL && >>> + if ((skb->nfct != NULL || nf_ct_is_untracked(skb)) &&
>> Seems unnecessary since nfct should be NULL when the conntrack
>> is untracked.
>
> Before untracked connections would pass the test, so additional check required.

Actually they are supposed to pass this test since they are also defragmented.
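
Review bot: the widened condition in br_nf_dev_queue_xmit(), `(skb->nfct != NULL || nf_ct_is_untracked(skb)) &&`, needs a comment or changelog line stating when nf_ct_is_untracked(skb) can be true while skb->nfct is NULL, since that is the only case the added `||` arm changes and the hunk does not show it. A one-line comment above the `if` naming why untracked packets must take this branch would settle it. Separately, `#include <net/netfilter/nf_conntrack.h>` is added mid-file inside the `#if defined(CONFIG_NF_CONNTRACK_IPV4) ...` block directly above the function; placing it with the file's other includes, under the same guard if one is needed, would keep it where readers look for dependencies.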