On Tuesday 2010-04-13 18:09, Jan Engelhardt wrote: >> >>> +#ifdef WITH_CONNTRACK >>> + nf_conntrack_put(skb->nfct); >>> + skb->nfct = &tee_track.ct_general; >>> + skb->nfctinfo = IP_CT_NEW; >>> + nf_conntrack_get(skb->nfct); >>> +#endif >> >>Why do we still need this? I thought the reentrancy-counter should take >>care of this? > >Did I really delete that commit... it's done so that conntrack >does not count the duplicated packets towards the original >connection. While at that, would retaining the old skb's nfctinfo make any sense? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
