On Fri, Aug 31, 2012 at 02:19:36AM +0200, Oliver wrote:
> On Thursday 30 August 2012 20:39:50 Pablo Neira Ayuso wrote:
> > Interesting, how are those assumptions fulfilled?
>
> Well, timing of course ;) - essentially, traffic paths are ensured longer than
> the actual time for replication of conntrack state.

I see.

> > Agreed. But I don't come with any netfilter change that may result in
> > that problem you're reporting. You'll have to debug this and get back
> > to me with more information.
>
> You can disregard this, turned out to be due to the unfortunate fact that
> net.ipv4.netfilter.ip_conntrack_tcp_be_liberal is of course replaced by
> net.netfilter.nf_conntrack_tcp_be_liberal under 3.4

$ ls /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

Probably you forgot to set CONFIG_NF_CONNTRACK_PROC_COMPAT=y

We haven't removed it yet, although it should be bad to schedule this
for removal.

> Please feel free to send me your latest rework of the patch and I will be
> happy to test it out.

Will do.
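
The check below is an added example, not part of the original message: it resolves the `tcp_be_liberal` sysctl under either of the two names discussed above and reports whether the legacy `ip_conntrack_*` compat entry is present, so a setting that silently stopped applying after a kernel change is noticed. The function names and the `PROC_SYS` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate the conntrack "be liberal" sysctl under either name.
# PROC_SYS (hypothetical override) lets the check run against a test tree.

NEW_KEY="net/netfilter/nf_conntrack_tcp_be_liberal"
OLD_KEY="net/ipv4/netfilter/ip_conntrack_tcp_be_liberal"

# Print the path of the first key that exists, preferring the current name.
find_be_liberal() {
    root="${1:-/proc/sys}"
    for key in "$NEW_KEY" "$OLD_KEY"; do
        if [ -e "$root/$key" ]; then
            printf '%s\n' "$root/$key"
            return 0
        fi
    done
    return 1
}

# Report the effective value and whether the legacy compat name exists.
# A sysctl.conf line that uses the legacy name only takes effect when
# the compat entry is present (CONFIG_NF_CONNTRACK_PROC_COMPAT=y).
check_be_liberal() {
    root="${1:-/proc/sys}"
    path=$(find_be_liberal "$root") || {
        echo "tcp_be_liberal not found under $root"
        return 1
    }
    value=$(cat "$path")
    if [ -e "$root/$OLD_KEY" ]; then
        compat="compat=yes"
    else
        compat="compat=no"
    fi
    echo "value=$value $compat"
}

check_be_liberal "${PROC_SYS:-/proc/sys}" || true
```
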