Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2017-02-02 | netfilter: reset netfilter state when duplicating packet | Florian Westphal | 2 | -2/+2 | |
We should also toss nf_bridge_info, if any -- packet is leaving via ip_local_out, also, this skb isn't bridged -- it is a locally generated copy. Also this avoids the need to touch this later when skb->nfct is replaced with 'unsigned long _nfct' in followup patch. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
2017-02-02 | netfilter: conntrack: no need to pass ctinfo to error handler | Florian Westphal | 8 | -20/+16 | |
It is never accessed for reading and the only places that write to it are the icmp(6) handlers, which also set skb->nfct (and skb->nfctinfo). The conntrack core specifically checks for attached skb->nfct after ->error() invocation and returns early in this case. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
2017-02-02 | netfilter: nf_tables: Eliminate duplicated code in nf_tables_table_enable() | Feng |