These two patches address bugs added when I converted the nat bysource hash to rhashtable. First patch fixes object comparision, second patch converts nat bysource to the rhlist interface, we have to deal with identical source identities (distinct connections sharing same ip/port source pair). Unfortunately the rhashlist interface isn't available in 4.8, so the question is how to address patch #2 for -stable. One way would be to revert the rhashtable conversion, the other one would be to just set .insecure_elasticity in the rhashtable params. The latter should work fine, as we do NOT need to identify the individual duplicate keys. include/net/netfilter/nf_conntrack.h | 2 - net/netfilter/nf_nat_core.c | 49 +++++++++++++++++++++-------------- 2 files changed, 31 insertions(+), 20 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
