Am 23.08.2011 15:25, schrieb Florian Westphal: > Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: >> parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638) >> commit 51b33b93d4c2e6c63afb177158f660fd17daf47c >> Author: Jan Engelhardt <jengelh@xxxxxxxxxx> >> Date: Tue Aug 23 15:07:00 2011 +0200 >> >> netfilter: better wording for table-full message >> - "nf_conntrack: table full, dropping" >> - " packet.\n"); >> + "nf_conntrack: table full, no new " >> + "CT created, packet will have " >> + "classification INVALID.\n"); > > packets seem to be dropped after all; call chain is: > > nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc. > > AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret > will be set to NF_DROP. Right, I was following the !ct path. > The important point is resolve_normal_ct() return value; > on NULL the packet would be untracked. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
