On Thursday 30 August 2012 20:39:50 Pablo Neira Ayuso wrote: > Interesting, how are those assumptions fulfilled? Well, timing of course ;) - essentially, traffic paths are ensured longer than the actual time for replication of conntrack state. > Agreed. But I don't come with any netfilter change that may result in > that problem you're reporting. You'll have to debug this and get back > to me with more information. You can disregard this, turned out to be due to the unfortunate fact that net.ipv4.netfilter.ip_conntrack_tcp_be_liberal is of course replaced by net.netfilter.nf_conntrack_tcp_be_liberal under 3.4 Please feel free to send me your latest rework of the patch and I will be happy to test it out. Kind Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
