Liping Zhang <zlpnobody@xxxxxxx> wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> We cannot setup nat info if the ct has been confirmed already, else,
> different cpu may race to handle the same ct.

Yes.

> In extreme situation,
> we may hit the "BUG_ON(nf_nat_initialized(ct, maniptype))" in the
> nf_nat_setup_info.

Right, before my change we did call nf_ct_nat_ext_add() unconditionally
and that made us return NF_ACCEPT for confirmed conntracks without
nat extension.

So this fix looks correct to me, thanks Liping!

Acked-by: Florian Westphal <fw@xxxxxxxxx>