On Sat, Jul 16, 2016 at 11:18:01AM +0200, Florian Westphal wrote: > Liping Zhang <zlpnobody@xxxxxxx> wrote: > > From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> > > > > We only get nf_connlabels if the user add ct label set expr successfully, > > but we will also put nf_connlabels if the user delete ct lable get expr. > > This is mismathced, and will cause ct label expr cannot work properly. > > > > Also, if we init something fail, we should put nf_connlabels back. > > Otherwise, we may waste to alloc the memory that will never be used. > > Acked-by: Florian Westphal <fw@xxxxxxxxx> > > Unrelated to your patch: > > I think its time to change conntrack labels to a pure 128 bit field: I think this is going to simplify this code a bit, so go ahead with this. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
