On 2011-11-17 16:07, Jozsef Kadlecsik wrote:

> No, the connection entry won't be destroyed by nf_ct_kill. Why do you
> think so?

Thanks, Jozsef Kadlecsik.

nf_ct will be destroyed when tcp_packet returns -NF_REPEAT to nf_conntrack_in. nf_conntrack_in will call nf_conntrack_put to destroy the nf_conn:

nf_conntrack_in:

	ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
	if (ret <= 0) {
		/* Invalid: inverse of the return code tells
		 * the netfilter core what to do */
		pr_debug("nf_conntrack_in: Can't track with proto module\n");
		nf_conntrack_put(skb->nfct);
		skb->nfct = NULL;
		NF_CT_STAT_INC_ATOMIC(net, invalid);
		if (ret == -NF_DROP)
			NF_CT_STAT_INC_ATOMIC(net, drop);
		return -ret;
	}

Am I wrong?
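As an added illustration, not part of the original message and not kernel source, here is a user-space model of the reference counting behind that "ret <= 0" path. Everything in it is hypothetical: the function names (nf_conntrack_in_tail, attach_new_ct, verdict_after_proto, repeat_destroys_entry), and in particular the model's assumption that the skb holds one reference to the nf_conn while a confirmed entry holds a second reference on behalf of the conntrack hash table. The quoted excerpt shows only the nf_conntrack_put call; whether that put is the last reference is exactly what the two scenarios below make explicit.

```c
/* Added example, not kernel code: a user-space model of what happens to
 * the conntrack reference when nf_conntrack_in takes its "ret <= 0" path.
 * Assumptions (not shown by the quoted excerpt): the skb holds one
 * reference to the nf_conn, and a confirmed entry holds a second reference
 * on behalf of the conntrack hash table. All function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

/* Netfilter verdicts; values as in <linux/netfilter.h>. NF_DROP is 0, which
 * is why "ret <= 0" catches both NF_DROP and any negated verdict. */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_STOLEN = 2, NF_QUEUE = 3, NF_REPEAT = 4 };

struct nf_conn {
    int use;        /* reference count, like ct_general.use */
    int confirmed;  /* like IPS_CONFIRMED: hash table holds a reference */
    int destroyed;  /* set once the last reference has been dropped */
};

struct sk_buff {
    struct nf_conn *nfct;  /* the skb's reference to its conntrack entry */
};

struct ct_stats {
    unsigned invalid;
    unsigned drop;
};

static void nf_conntrack_destroy(struct nf_conn *ct)
{
    ct->destroyed = 1;  /* the real kernel frees the entry here */
}

/* Drop one reference; the entry dies only when the count reaches zero. */
static void nf_conntrack_put(struct nf_conn *ct)
{
    if (ct && --ct->use == 0)
        nf_conntrack_destroy(ct);
}

/* Model of confirmation (assumption): the hash table takes its own reference. */
static void nf_conntrack_confirm(struct nf_conn *ct)
{
    ct->use++;
    ct->confirmed = 1;
}

/* Model of the tail of nf_conntrack_in after l4proto->packet() returned
 * 'ret': the quoted "Invalid: inverse of the return code" branch. */
static int nf_conntrack_in_tail(struct sk_buff *skb, int ret, struct ct_stats *st)
{
    if (ret <= 0) {
        nf_conntrack_put(skb->nfct);  /* drops the skb's reference only */
        skb->nfct = NULL;
        st->invalid++;
        if (ret == -NF_DROP)
            st->drop++;
        return -ret;                  /* -NF_REPEAT becomes NF_REPEAT */
    }
    return ret;
}

/* Allocate an unconfirmed entry whose single reference is held by the skb. */
static struct nf_conn *attach_new_ct(struct sk_buff *skb)
{
    struct nf_conn *ct = calloc(1, sizeof *ct);
    if (!ct)
        abort();
    ct->use = 1;
    skb->nfct = ct;
    return ct;
}

/* Verdict the netfilter core sees for a given l4proto return value. */
static int verdict_after_proto(int ret)
{
    struct sk_buff skb = { 0 };
    struct ct_stats st = { 0, 0 };
    struct nf_conn *ct = attach_new_ct(&skb);
    int verdict = nf_conntrack_in_tail(&skb, ret, &st);
    free(ct);
    return verdict;
}

/* Does the -NF_REPEAT path destroy the entry? 1 = destroyed, 0 = survives. */
static int repeat_destroys_entry(int confirmed)
{
    struct sk_buff skb = { 0 };
    struct ct_stats st = { 0, 0 };
    struct nf_conn *ct = attach_new_ct(&skb);
    int destroyed;

    if (confirmed)
        nf_conntrack_confirm(ct);
    nf_conntrack_in_tail(&skb, -NF_REPEAT, &st);
    destroyed = ct->destroyed;
    free(ct);  /* model only; a surviving entry would stay in the hash */
    return destroyed;
}

int main(void)
{
    printf("verdict for -NF_REPEAT: %d (NF_REPEAT is %d)\n",
           verdict_after_proto(-NF_REPEAT), NF_REPEAT);
    printf("unconfirmed entry destroyed: %d\n", repeat_destroys_entry(0));
    printf("confirmed entry destroyed:   %d\n", repeat_destroys_entry(1));
    return 0;
}
```

The point the model separates is that nf_conntrack_put releases the skb's reference, not the entry as such: under the stated assumption, an unconfirmed entry whose only holder is the skb is destroyed on the -NF_REPEAT path, while a confirmed one survives with the reference the hash table holds. Whether that assumption matches the kernel version under discussion has to be checked against its __nf_conntrack_confirm and nf_ct_kill paths; the quoted excerpt alone does not settle it.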