[PATCH] update raw patch in POM

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Tue Jun 21 11:08:24 CEST 2005


On Tue, 21 Jun 2005, Pablo Neira wrote:

> Roberto Nibali wrote:
> >>Almost forgot: the nf_reset() patch should "fix" this bug. "Fix"
> >>because it doesn't really fix it but rather hides this issue
> >>for a later possible revival.
> >
> > I thought so, however is there a clean fix which does not involve rewriting the
> > raw patch? I mean the unconditional nf_reset() is rather intrusive. What about
> > other netfilter extensions, they could have the same refcnt problem, couldn't they?
>
> I've started thinking that a better way to fix this would require
> reviewing the current untracked logic.

At the very beginning NOTRACK worked by using a flag in nfcache. However
that required ugly conditions both in the conntrack and nat core.

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary


