Am 30.06.2011 13:34, schrieb Eric Dumazet: > Le jeudi 30 juin 2011 à 11:36 +0400, Kuzin Andrey a écrit : > >> Every day netfilter code become more and more difficult to understand. >> IPQ mechanism don't have >> this problems, migration to NFQUEUE by simply modifications of function >> names in original program >> code led to these problems. I think it very hard to find this error in >> netfilter code and may be sometimes >> NFQUEUE will be rewritten from scratch to NGQUEUE (next generation queue) ;) >> I wrote this patch as simply as possible (one-hour solution) to solve >> the problem for the our paid services. >> Early no one netfilter developer did not pay any attention to messages >> about this problem. >> > > Wow wow wow... > > Maybe these netfilter guys you blame had some paid job to do at the time > you sent your bug report ? Or only you have real paid services ? > > For the record, I also used NFQUEUE and never hit a single problem. > > Maybe I was just lucky, I dont know. > > Instead of trying to hide the bug, please be constructive and find a way > to pinpoint the bug, so that we can fix it for good. Thanks Eric, I agree. Give us data and we'll fix it if really is a bug. The fact that the timeout patch apparently helps indicates that some packets don't receive verdicts. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
