On Wed, Sep 11, 2019 at 01:24:26AM +0200, Pablo Neira Ayuso wrote: > Hi Michal, > > On Wed, Sep 04, 2019 at 02:16:51PM +0200, Michal Kubecek wrote: > > This seems to have fallen through the cracks. I tried to do the revert > > but it's not completely straightforward as bridge conntrack has been > > introduced in between and I'm not sure I got the bridge part right. > > Could someone more familiar with the code take a look? > > I'm exploring a different path, see attached patch (still untested). > > I'm trying to avoid this large revert from Florian. The idea with this > patch is to invoke the conntrack confirmation path from the > nf_reinject() path, which is what it is missing. Thank you for looking into it. I'll take a look at your patch. > I'm at a conference right now, I'll try scratch time to sort out this > asap. Most likely we'll have to request a patch to be included in > -stable in the next release I'm afraid. As the regression didn't happen in this cycle but in 5.1-rc1, there are already two releases affected so that it's IMHO more important to get it right than to catch 5.3 at any cost. Michal
