Pablo Neira Ayuso <[email protected]> wrote: > On Mon, Jan 23, 2017 at 01:28:48PM +0100, Florian Westphal wrote: > > diff --git a/net/netfilter/core.c b/net/netfilter/core.c > > index 0c629fdf90e1..ce6adfae521a 100644 > > --- a/net/netfilter/core.c > > +++ b/net/netfilter/core.c > > @@ -375,7 +375,7 @@ void nf_ct_attach(struct sk_buff *new, const struct > > sk_buff *skb) > > { > > void (*attach)(struct sk_buff *, const struct sk_buff *); > > > > - if (skb_nfct(skb)) { > > + if (skb->nfct) { > > I guess this slipped through accidentally. No need to resent, I can > amend it here.
Hmm, let me review this. I thin the skb_nfct() conversion is erroneous. (Q: If original is UNTRRACKED, should the reply packet that is being attached be UNTRACKED or INVALID?) I think its "UNTRACKED", and then this needs testing of skb->_nfct . (at least once the untracked object gets removed). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
