Hello,

04.11.2010, 04:34, "Yasuyuki KOZAKAI" <yasuyuki.kozakai@xxxxxxxxxxxxx>:
>>> Maybe I'm wrong, but the last line of icmp_error_message() from
>>> net/ipv4/netfilter/nf_conntrack_proto_icmp.c seems illogical to me.
>>> Should it be return NF_ACCEPT, instead of -NF_ACCEPT?
>
> -NF_ACCEPT should be returned. ICMP error is the special packet and
> icmp_error_message() assigns IP_CT_RELATED to ctinfo itself.
> nf_conntrack_in() is unnecessary to resolve ctinfo as normal packets,
> so icmp_error_message() returns -NF_ACCEPT.
>

Yes, you're right. Overlooked this. Thanks for clarification!

--
wbr, Oleg.
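The return convention discussed in this thread, as an added example that is not part of the thread and is not kernel code. It is a user-space model with hypothetical names (`pkt_model`, `hook_negated`, `hook_positive`, `conntrack_in_model`), and it assumes the caller treats a non-positive hook result as final and negates it into the verdict, while a positive result sends the packet on through the normal resolution path.

```c
#include <stdio.h>
#define NF_ACCEPT 1   /* verdict value as in include/linux/netfilter.h */
enum ctinfo_model { CT_UNSET, CT_NEW, CT_RELATED };   /* model enum, not the kernel's */
struct pkt_model {
    int is_icmp_error;          /* constructed input flag */
    enum ctinfo_model ctinfo;   /* state attached to the packet */
    int normal_lookups;         /* times the normal resolution path ran */
};
typedef int (*error_hook_t)(struct pkt_model *);

/* Behaviour described in the reply: set ctinfo, return the negated verdict. */
static int hook_negated(struct pkt_model *p)
{
    if (!p->is_icmp_error)
        return NF_ACCEPT;       /* positive: caller continues normally */
    p->ctinfo = CT_RELATED;
    return -NF_ACCEPT;          /* non-positive: caller stops, verdict is -ret */
}

/* The variant asked about in the question: same work, positive return. */
static int hook_positive(struct pkt_model *p)
{
    if (p->is_icmp_error)
        p->ctinfo = CT_RELATED;
    return NF_ACCEPT;
}

/* Model of the caller (assumption): a non-positive hook result is final. */
static int conntrack_in_model(struct pkt_model *p, error_hook_t hook)
{
    int ret = hook(p);
    if (ret <= 0)
        return -ret;            /* -(-NF_ACCEPT) == NF_ACCEPT, no further lookup */
    p->normal_lookups++;        /* normal path resolves ctinfo itself */
    p->ctinfo = CT_NEW;         /* model assumption: it assigns its own value */
    return NF_ACCEPT;
}

/* Run one constructed ICMP-error packet through the model and return its state. */
static struct pkt_model run_icmp_error(error_hook_t hook)
{
    struct pkt_model p = { 1, CT_UNSET, 0 };
    conntrack_in_model(&p, hook);
    return p;
}

int main(void)
{
    struct pkt_model a = run_icmp_error(hook_negated), b = run_icmp_error(hook_positive);
    printf("negated:  ctinfo=%d lookups=%d\n", a.ctinfo, a.normal_lookups);
    printf("positive: ctinfo=%d lookups=%d\n", b.ctinfo, b.normal_lookups);
    return 0;
}
```

In the model both variants end in an accept verdict, but only the negated return keeps the ctinfo that the hook assigned.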