Jan Engelhardt wrote: > On Tuesday 2010-04-13 18:32, Patrick McHardy wrote: > >>>>> +#ifdef WITH_CONNTRACK >>>>> + nf_conntrack_put(skb->nfct); >>>>> + skb->nfct = &tee_track.ct_general; >>>>> + skb->nfctinfo = IP_CT_NEW; >>>>> + nf_conntrack_get(skb->nfct); >>>>> +#endif >>>> Why do we still need this? I thought the reentrancy-counter should take >>>> care of this? >>> Did I really delete that commit... it's done so that conntrack >>> does not count the duplicated packets towards the original >>> connection. >> Simply untrack it perhaps? > > Well, that's what the four lines do, that's what NOTRACK does - > assigning to a fake nfct, isn't it? Yeah, but a different one from the untracked conntrack, which is already explicitly checked for where necessary. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
