On Friday 2010-05-14 21:26, Patrick McHardy wrote: >>> Should this be NF_DROP? As I understand it skb_linearize only failes >>> if it runs out of memory, which probably means dropping is OK. But >>> passing a packet that might need rewriting could be harmful.. >> >> We so far also didn't rewrite the packet. But agreed, its >> a corner case and dropping it is the safer choice. > >This is what I've added to my tree. Tested with asterisk and TSO >enabled NIC, which fails without this patch. > [..patch..] Shouldn't we do this for the other nf_conntrack_xyz too? That would mean getting rid of the size-limited locked packet buffer. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
