On Fri, May 14, 2010 at 08:42:43PM +0200, Patrick McHardy wrote: > > Should this be NF_DROP? As I understand it skb_linearize only failes > > if it runs out of memory, which probably means dropping is OK. But > > passing a packet that might need rewriting could be harmful.. > > We so far also didn't rewrite the packet. But agreed, its > a corner case and dropping it is the safer choice. I was just thinking that, say, a request goes out, gets rewritten but the reply comes back and does not get rewritten = bad. Better to drop. Looks OK to me.. Jason -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
