On Tuesday 2011-03-15 02:30, Changli Gao wrote: >On Tue, Mar 15, 2011 at 9:16 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: >> >> >> The original tuple may not be updated, but the reply tuple is. >> And we are taking the reply tuple in >> >> Â Â Â Âtuple_ptr = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; >> >> which is subsequently copied to conn->tuple on the first invocation. >> >> Afterwards, SNAT will update ct->tuplehash[reply].tuple, and so >> conn->tuple is outdated. Calling nf_conntrack_find_get(conn->tuple) >> in count_them would then fail, would it not? >> > >After my patch, tuple is only used to look up the corresponding >conntrack. Ok, the patch may be applied. Somehow I was under the impression addr was extracted from tuple_ptr, but it is, in fact, not. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
