Gao Feng <f...@ikuai8.com> wrote:
> > [   23.465616] ------------[ cut here ]------------
> > [   23.466477] WARNING: CPU: 0 PID: 1225 at 
> > net/netfilter/nf_conntrack_seqadj.c:232
> > nf_ct_seq_offset+0x7a/0x9a
> > [   23.468458] Missing nfct_seqadj_ext_add() setup call
> >
> 
> It should be that nf_ct_add_synproxy failed and the seqadj extentision is
> not added.

Note that nfct_synproxy_ext_add always returns NULL if
CONFIG_NETFILTER_SYNPROXY=n

The warning should also be removed.

> When nf_ct_add_synproxy fails, the init_conntrack fails too and return
> ERR_PTR(-ENOMEM). In this case, the packet should be dropped directly, and
> should not be processed by the latter codes.

This means the commit breaks conntrack if SYNPROXY=n
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to