linuxludo@xxxxxxx <linuxludo@xxxxxxx> wrote:
> I would provide you a small patch in order to fix a BUG when GRE over IPv6 is used with netfilter/conntrack module.
>
> This is my first contribution, not knowing the procedure well, thank you for being aware of this request.

See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst

In short, the patch should pass 'scripts/checkpatch.pl' and should apply cleanly with 'git am'.

> Regarding the proposed patch, here is a description of the encountered bug.
> Indeed, when an ip6tables rule dropping traffic due to an invalid packet (aka w/ conntrack module) is placed before a GRE protocol permit rule, the latter is never reached; the packet is discarded via the previous rule.
>
> The proposed patch takes into account both IPv4 and IPv6 in conntrack module for GRE protocol.
> You will find this one at the end of this email.
>
> I personally tested this, successfully.

If the GRE tracker works fine with ipv6 it's best to just remove the if-clause entirely, we only support ipv4 and ipv6 anyway.