On Mon, May 14, 2018 at 07:30:56PM +0200, Pablo Neira Ayuso wrote:
> On Mon, May 14, 2018 at 07:26:54PM +0200, Florian Westphal wrote:
> > Pablo Neira Ayuso <[email protected]> wrote:
> > >  static int __init nf_nat_init(void)
> > > diff --git a/net/netfilter/nfnetlink_queue.c 
> > > b/net/netfilter/nfnetlink_queue.c
> > > index 74a04638ef03..28e4fae98f60 100644
> > > --- a/net/netfilter/nfnetlink_queue.c
> > > +++ b/net/netfilter/nfnetlink_queue.c
> > > @@ -227,6 +227,30 @@ find_dequeue_entry(struct nfqnl_instance *queue, 
> > > unsigned int id)
> > >   return entry;
> > >  }
> > >  
> > > +static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int 
> > > verdict)
> > > +{
> > > + enum ip_conntrack_info ctinfo;
> > > + struct nf_ct_hook *ct_hook;
> > > + struct nf_conn *ct;
> > > + int err;
> > > +
> > > + ct = nf_ct_get(entry->skb, &ctinfo);
> > > + if (ct && !nf_ct_is_confirmed(ct) &&
> > > +     verdict != NF_STOLEN && verdict != NF_DROP) {
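Review bot: the test `verdict != NF_STOLEN && verdict != NF_DROP` in nfqnl_reinject() is a deny-list, so every other verdict value, including NF_QUEUE and NF_REPEAT, also enters the unconfirmed-conntrack branch. If the branch is only meant for verdicts that let the packet continue, test those positively with `verdict == NF_ACCEPT || verdict == NF_STOP`, so that a verdict value added later is excluded by default rather than included. A one-line comment above the condition stating why an unconfirmed conntrack needs handling at reinject time would also help the next reader.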
> > 
> > Why not verdict == NF_ACCEPT?
> 
> We also have to deal with NF_STOP, right?

Actually we could just do verdict == NF_ACCEPT || verdict == NF_STOP,
for clarity.