On Fri, Sep 9, 2016 at 2:37 PM, Joe Stringer wrote:
> On 8 September 2016 at 08:49, Jesse Gross wrote:
>> On Wed, Sep 7, 2016 at 5:18 PM, Joe Stringer wrote:
>>> On 1 September 2016 at 18:08, Jesse Gross wrote:
On Thu, Sep 1,
On 8 September 2016 at 08:49, Jesse Gross wrote:
> On Wed, Sep 7, 2016 at 5:18 PM, Joe Stringer wrote:
>> On 1 September 2016 at 18:08, Jesse Gross wrote:
>>> On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer wrote:
The upstream
On Wed, Sep 7, 2016 at 5:18 PM, Joe Stringer wrote:
> On 1 September 2016 at 18:08, Jesse Gross wrote:
>> On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer wrote:
>>> The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in()
>>> call,
On 1 September 2016 at 18:08, Jesse Gross wrote:
> On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer wrote:
>> The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in()
>> call, which does deeper (eg l4proto) validation. It was previously
>> thought
On Thu, Sep 1, 2016 at 5:01 PM, Joe Stringer wrote:
> The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in()
> call, which does deeper (eg l4proto) validation. It was previously
> thought that using the NF_INET_ROUTING hook for this function on older
> kernels
The upstream code uses NF_INET_PRE_ROUTING hook for the nf_conntrack_in()
call, which does deeper (eg l4proto) validation. It was previously
thought that using the NF_INET_ROUTING hook for this function on older
kernels would trigger kernel panics due to a dependency on the
unpopulated skb->dev,