I think 71d8c47fc653711c4(netfilter: conntrack: introduce clash resolution on insertion race) is doing the same logic for resolving conntrack clashing.
The first packet who win the race should handle the NAT stuff on the conntrack right? Pablo Neira Ayuso <[email protected]> 於 2019年1月28日 週一 下午9:50寫道: > > On Mon, Jan 28, 2019 at 02:39:40PM +0100, Florian Westphal wrote: > > Chieh-Min Wang <[email protected]> wrote: > > > I think this is the same issue as this one. > > > > > > http://patchwork.ozlabs.org/patch/995825/ > > > > Yes, likely. > > I see. > > I don't think letting the packet go through is a good idea. Not sure > NAT will work fine, packets would go through being unmangled? I think > we should still drop the packet until we fix this.
