Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Mon, Jul 29, 2013 at 03:41:55PM +0200, Florian Westphal wrote: > > Let nf_ct_delete handle delivery of the DESTROY event. > > > > This means we now also no longer send such events for conntracks that > > are still unconfirmed. > > Not sure why this happens by looking at the patch. Are you refering to > conntrack with IPS_CONFIRMED unset? Doh. You are right of course. get_next_corpse also iterates over the unconfirmed list, and ivokes iter() for those (and iter is kill_report() which calls nf_conntrack_event_report()). But nf_conntrack_event_report() just returns in !IPS_CONFIRMED case. Thanks for pointing it out. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
