On 14.03.2011 07:50, Changli Gao wrote: > We use the reply tuples when limiting the connections by the destination > addresses, however, in SNAT scenario, the final reply tuples won't be > ready until SNAT is done in POSTROUING or INPUT chain, and the following > nf_conntrack_find_get() in count_tem() will get nothing, so connlimit > can't work as expected. > > In this patch, the original tuples are always used, and an additional > member addr is appended to save the address in either end. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
