On Thursday 2010-10-07 14:27, Sven-Ola Tuecke wrote: > >> No oopses should happen. It's just that conntrack will record two >> different connections for what is one, and the states thus don't work >> reliably. > >Thanks for the estimation - but untested stuff tends to trigger mem leaks and >whatnot. Well since it has to record twice the connections it will use twice as much memory, yes. It is probably best to tag every packet that is going to be MAP66'd with -j NOTRACK anyway (when you don't use raw/rawpost), to avoid wasting conntrack resources on something it won't do. >I leave the warning there. While I'm here: I wasn't aware that sme. >has written a complete book on writing NF modules as well as maintaining a >compat framework as well. Next time I'd try google first, then start hacking, >Promised ;-) You should come to NFWS in Sevilla later this month. ;) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
