Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
>>>> Pablo, please let me know whether you want me to apply this.
>>> ctnetlink_change_helper() also calls nf_ct_ext_add() for conntracks that
>>> are confirmed (in case of a helper update for an existing conntrack).
>>> That would also trigger the assertion. If we want to support helper
>>> assignation via ctnetlink for existing conntracks, we will need to add
>>> locking to the conntrack extension infrastructure to avoid races.
>>>
>>> I don't see a clear solution for this yet.
>> I see, this is indeed a problem. Since the helper is known at the
>> first event, we could restrict this to only allow manual assignment
>> for newly created conntracks. Most helpers probably can't properly
>> cope with connections not seen from the beginning anyways.
>
> Indeed, changing the helper in the middle of the road doesn't make too
> much sense to me either. I can send you a patch for this along today,
> I'll find some spare time to do it.

Great, thanks Pablo.