On Wed, Jul 31, 2013 at 10:43:59PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Mon, Jul 29, 2013 at 03:41:55PM +0200, Florian Westphal wrote: > > > Let nf_ct_delete handle delivery of the DESTROY event. > > > > > > This means we now also no longer send such events for conntracks that > > > are still unconfirmed. > > > > Not sure why this happens by looking at the patch. Are you refering to > > conntrack with IPS_CONFIRMED unset? > > Doh. You are right of course. > > get_next_corpse also iterates over the unconfirmed list, and ivokes > iter() for those (and iter is kill_report() which calls > nf_conntrack_event_report()). > > But nf_conntrack_event_report() just returns in !IPS_CONFIRMED case. > > Thanks for pointing it out. Removed that line from the description and applied this patch. Thanks Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
