Re: CONFIG_NETFILTER

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: CONFIG_NETFILTER_DEBUG spew
From:	Patrick McHardy <kaber@xxxxxxxxx>
Date:	Mon, 02 May 2005 18:12:47 +0200
Cc:	netfilter-devel@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, Andrew Morton <akpm@xxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>
In-reply-to:	<20050501111507.GA2133@xxxxxxxxxxxxxxxxxxx>
References:	<20050501032809.3d0b4cda.akpm@xxxxxxxx> <20050501111507.GA2133@xxxxxxxxxxxxxxxxxxx>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2

Herbert Xu wrote:
> BTW, should we do nf_reset in ip_dev_loopback_xmit as well?

I think we should, tc actions could do something unexpected with
the packet.

Regards
Patrick

[NETFILTER]: Drop conntrack reference in ip_dev_loopback_xmit()

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

---
commit c4644e58c8b52dca9699e8ee0e975f5f13eb4d2c
tree 35d8915a3fd6fa39a46d9b2e8e1fd272e82ea3af
parent a91b6fa8bc4b1626d413d58c21cfcfecabbb4a61
author Patrick McHardy <kaber@xxxxxxxxx> 1115049922 +0200
committer Patrick McHardy <kaber@xxxxxxxxx> 1115049922 +0200

Index: net/core/netfilter.c
===================================================================
--- 9544bb88b28c2e3ca4b0a66fedfa2bb540ec06e2/net/core/netfilter.c  (mode:100644 
sha1:92c51824797dd15018e579eb5753cc372e04fd3d)
+++ 35d8915a3fd6fa39a46d9b2e8e1fd272e82ea3af/net/core/netfilter.c  (mode:100644 
sha1:22a8f127c4aad9821e5f3294aa518807165ee8b7)
@@ -236,8 +236,6 @@
                debug_print_hooks_ip(newskb->nf_debug);
                nf_dump_skb(PF_INET, newskb);
        }
-       /* Clear to avoid confusing input check */
-       newskb->nf_debug = 0;
 }
 
 void nf_debug_ip_finish_output2(struct sk_buff *skb)
Index: net/ipv4/ip_output.c
===================================================================
--- 9544bb88b28c2e3ca4b0a66fedfa2bb540ec06e2/net/ipv4/ip_output.c  (mode:100644 
sha1:38f69532a029e5ff1ddbdbd665afcff46e94abb5)
+++ 35d8915a3fd6fa39a46d9b2e8e1fd272e82ea3af/net/ipv4/ip_output.c  (mode:100644 
sha1:24fe3e00b42b0bb673be5a6d8ceb15defb192974)
@@ -111,6 +111,7 @@
 #ifdef CONFIG_NETFILTER_DEBUG
        nf_debug_ip_loopback_xmit(newskb);
 #endif
+       nf_reset(newskb);
        netif_rx(newskb);
        return 0;
 }

<Prev in Thread]	Current Thread	[Next in Thread>
CONFIG_NETFILTER_DEBUG spew, Andrew Morton Re: CONFIG_NETFILTER_DEBUG spew, Herbert Xu Re: CONFIG_NETFILTER_DEBUG spew, Patrick McHardy Re: CONFIG_NETFILTER_DEBUG spew, David S. Miller Re: CONFIG_NETFILTER_DEBUG spew, Harald Welte Re: CONFIG_NETFILTER_DEBUG spew, Patrick McHardy Re: CONFIG_NETFILTER_DEBUG spew, Patrick McHardy <= Re: CONFIG_NETFILTER_DEBUG spew, Herbert Xu Re: CONFIG_NETFILTER_DEBUG spew, David S. Miller

Previous by Date:	Re: patch: Action repeat, Thomas Graf
Next by Date:	RE: Re-routing packets via netfilter (ip_rt_bug), Yair Itzhaki
Previous by Thread:	Re: CONFIG_NETFILTER_DEBUG spew, Patrick McHardy
Next by Thread:	Re: CONFIG_NETFILTER_DEBUG spew, Herbert Xu
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: CONFIG_NETFILTER_DEBUG spew