On Thursday 2011-04-21 14:51, Florian Westphal wrote:
>The commit a2361c8735e07322023aedc36e4938b35af31eb0
>("netfilter: xt_conntrack: warn about use in raw table")
>disallows use of -m conntrack in the raw table:
>"nfct happens to run after the raw table only".
>
>That's correct, but when the packet was sent from the local machine the
>skb already has ->nfct attached, and -m conntrack seems to do
>the right thing.

Hm, I did not consider that. In this case, the patch should be backed out.