Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
> parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
> commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
> Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
> Date: Tue Aug 23 15:07:00 2011 +0200
>
> netfilter: better wording for table-full message
> - "nf_conntrack: table full, dropping"
> - " packet.\n");
> + "nf_conntrack: table full, no new "
> + "CT created, packet will have "
> + "classification INVALID.\n");

packets seem to be dropped after all; call chain is:
nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc.

AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret will be
set to NF_DROP.

The important point is resolve_normal_ct() return value; on NULL the packet
would be untracked.
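
Review bot: The added string asserts that the packet "will have classification INVALID", but the quoted hunk changes only the message text and shows nothing of what happens to the packet once the table is full, so the new wording is not backed by the visible change. The reply traces the -ENOMEM from __nf_conntrack_alloc back to nf_conntrack_in and a verdict of NF_DROP; if that holds, the removed wording ("dropping packet") was the accurate one, and an operator reading the new log line would wrongly expect the packet to reach rules matching INVALID state. Suggest keeping "dropping packet" and adding only the "no new CT created" part, or naming in the commit message the code path that yields INVALID. As a style point, the message is now split across three string literals, which makes it harder to grep for in the source; a single literal would be preferable.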