Pablo Neira Ayuso wrote: > Patrick McHardy wrote: >>>> I think you could avoid this mess by using a struct nf_conntrack >>>> for the untracked conntrack instead of struct nf_conn. It shouldn't >>>> make any difference since its ignored anyways. >>> Ewww, can I? >> I hope so :) A different possiblity suggest by Pablo some time ago >> would be to mark untracked packets in skb->nfctinfo and not >> attach a conntrack at all. > > Indeed, I remember that :). I left that patch of the table time ago [1]. > There's a nf_reset call missing as Patrick said at that time. I can > recover it if you like the idea.
I think that would be a good idea. _______________________________________________ Containers mailing list [EMAIL PROTECTED] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list [email protected] https://openvz.org/mailman/listinfo/devel
