On Thu, Oct 25, 2012 at 05:34:45PM +0200, Ulrich Weber wrote:
> ICMP tuples have id in src and type/code in dst.
> So comparing src.u.all with dst.u.all will always fail here
> and ip_xfrm_me_harder() is called for every ICMP packet,
> even if there was no NAT...

Tracking the history, this seems to be there since a really long time ago.
I'll pass a backport of this to -stable.

Applied, thanks Ulrich.
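
The mismatch described in the quoted commit message, as an added illustration that is not part of the original mail, the patch, or the kernel source. The unions are a simplified model of the per-protocol part of a conntrack tuple; all names, the sample values and the protocol-aware variant are assumptions made for this example, and only the echo-request case is modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PROTO_ICMP = 1, PROTO_TCP = 6 };  /* IANA protocol numbers */

/* Simplified model: the src side carries a port or the ICMP id,
 * the dst side carries a port or the ICMP type/code pair. */
union src_u { uint16_t all; struct { uint16_t port; } tcp; struct { uint16_t id; } icmp; };
union dst_u { uint16_t all; struct { uint16_t port; } tcp; struct { uint8_t type, code; } icmp; };
struct tuple { union src_u src; union dst_u dst; uint8_t protonum; };

/* Constructed sample tuples (original direction). */
static struct tuple make_tcp(uint16_t sport, uint16_t dport) {
    struct tuple t; memset(&t, 0, sizeof t);
    t.protonum = PROTO_TCP; t.src.tcp.port = sport; t.dst.tcp.port = dport;
    return t;
}
static struct tuple make_echo_request(uint16_t id) {
    struct tuple t; memset(&t, 0, sizeof t);
    t.protonum = PROTO_ICMP; t.src.icmp.id = id; t.dst.icmp.type = 8;
    return t;
}

/* Reply-direction tuple of a flow that was NOT NATed. */
static struct tuple invert(const struct tuple *o) {
    struct tuple r; memset(&r, 0, sizeof r);
    r.protonum = o->protonum;
    if (o->protonum == PROTO_ICMP) {
        r.src.icmp.id = o->src.icmp.id;  /* id stays on the src side */
        r.dst.icmp.type = 0;             /* echo request (8) -> echo reply (0) */
    } else {
        r.src.tcp.port = o->dst.tcp.port;
        r.dst.tcp.port = o->src.tcp.port;
    }
    return r;
}

/* The comparison from the message: src.u.all against dst.u.all. */
static bool proto_part_differs(const struct tuple *o, const struct tuple *r) {
    return o->src.all != r->dst.all;
}
/* Hypothetical protocol-aware variant: do not compare id with type/code. */
static bool proto_part_differs_aware(const struct tuple *o, const struct tuple *r) {
    return o->protonum != PROTO_ICMP && o->src.all != r->dst.all;
}

int main(void) {
    struct tuple t = make_tcp(40000, 443), i = make_echo_request(0x1234);
    struct tuple tr = invert(&t), ir = invert(&i);
    printf("tcp=%d icmp=%d icmp_aware=%d\n", proto_part_differs(&t, &tr),
           proto_part_differs(&i, &ir), proto_part_differs_aware(&i, &ir));
    return 0;
}
```

For the un-NATed TCP flow the comparison reports no difference, while for the un-NATed echo request it compares the id against type/code and reports a change, which is the condition that sends every ICMP packet down the `ip_xfrm_me_harder()` path.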