Liping Zhang <[email protected]> wrote: > From: Liping Zhang <[email protected]> > > We cannot setup nat info if the ct has been confirmed already, else, > different cpu may race to handle the same ct.
Yes. > In extreme situation, > we may hit the "BUG_ON(nf_nat_initialized(ct, maniptype))" in the > nf_nat_setup_info. Right, before my change we did call nf_ct_nat_ext_add() unconditionally and that made us return NF_ACCEPT for confirmed conntracks without nat extension. So this fix looks correct to me, thanks Liping! Acked-by: Florian Westphal <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
