Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > +static int
> > +cmp_exp_timeout(const struct nf_expect *exp1, const struct nf_expect *exp2,
> > + unsigned int flags)
> > +{
> > + return exp1->timeout == exp2->timeout;
> > +}
>
> The timeout comparison needs to implement the __NFCT_CMP_TIMEOUT
> logic, similar to nfct_cmp. Otherwise nfexp_cmp will break in
> conntrackd with expect sync mode.
You're right of course. I'll implement this and send a v2 of this
patch.
Thanks for catching this!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
