On Thu, Mar 1, 2018 at 12:07 AM, Florian Westphal <fw@xxxxxxxxx> wrote: >> 2. Move nf_ct_netns_get/put() to the user of nf_conncount. >> Since nf_conncount now supports general keys, if the key is not related >> to a particular NFPROTO_*, then it is not necessary to do >> nf_ct_netns_get/put() in nf_conncount. > > I wonder if this is correct. > > conncount relies on all entries being backed by a conntrack entry so > it can expire those that are no longer around. Thanks for the comment. You are right. I will drop the second part of this patch in v2. Thanks, -Yi-Hung -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
