Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> +static void nft_flow_offload_eval(const struct nft_expr *expr, > + struct nft_regs *regs, > + const struct nft_pktinfo *pkt) > +{ [..] > + if (test_bit(IPS_HELPER_BIT, &ct->status)) > + goto out; > + > + if (ctinfo == IP_CT_NEW || > + ctinfo == IP_CT_RELATED) > + goto out;

Would it make sense to delay offload decision until l4 tracker has set ASSURED bit?
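
Review bot: the ctinfo test that follows the IPS_HELPER_BIT check in nft_flow_offload_eval() rejects only IP_CT_NEW and IP_CT_RELATED, so in the lines quoted here a packet classified as IP_CT_RELATED_REPLY is not filtered and reaches the offload path. If related traffic is meant to stay on the slow path in both directions, compare against IP_CT_RELATED_REPLY as well, or add a comment stating why reply-direction related packets are acceptable. A test_bit(IPS_ASSURED_BIT, &ct->status) check placed next to the helper test would also keep connections that the l4 tracker has not yet confirmed out of the flow table.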