On Thu, Mar 24, 2016 at 10:00:02AM +0200, Nikolay Borisov wrote: > I've been running production kernels in production with those changes > and so far I haven't observed a single crash resulting from this. > Furthermore, I believe that all the call sites of synproxy_build_ip > should have the skb associated with a valid tcp socket, which must have > originated from a particular namespace. Please, always Cc: netfilter-devel@xxxxxxxxxxxxxxx for patches that modify netfilter code. Your change is buggy, we cannot assume skb->sk set on packets that are being forwarded, we could have detected this following this process. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
