Antonio Ojea <antonio.ojea.garcia@xxxxxxxxx> wrote: > > Antonio could also try this hack: > > > > diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c > > --- a/net/netfilter/nfnetlink_queue.c > > +++ b/net/netfilter/nfnetlink_queue.c > > @@ -379,7 +379,7 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) > > unsigned int ct_verdict = verdict; > > > > rcu_read_lock(); > > - ct_hook = rcu_dereference(nf_ct_hook); > > + ct_hook = NULL; > > if (ct_hook) > > ct_verdict = ct_hook->update(entry->state.net, entry->skb); > > rcu_read_unlock(); > > > > which defers this to the clash resolution logic. > > The ct_hook->update infra predates this, I'm not sure we need > > it anymore. > > Awesome, it works perfectly Great, I'll send a formal patch.
