Paul Blakey wrote:
> Like if conntrack has just timed it out (or conntrack flushed), and skb
> holds the last ref?
Yes, that's very unlikely but it's possible.
On 7/7/2019 3:04 PM, Florian Westphal wrote:
> Paul Blakey wrote:
>> +/* Determine whether skb->_nfct is equal to the result of conntrack lookup.
>> */
>> +static bool tcf_ct_skb_nfct_cached(struct net *net, struct sk_buff *skb,
>> + u16 zone_id, bool force)
>> +{
>
Paul Blakey wrote:
> +/* Determine whether skb->_nfct is equal to the result of conntrack lookup.
> */
> +static bool tcf_ct_skb_nfct_cached(struct net *net, struct sk_buff *skb,
> +u16 zone_id, bool force)
> +{
> + enum ip_conntrack_info ctinfo;
> + struct
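Review bot: the comment above tcf_ct_skb_nfct_cached() says only that skb->_nfct is compared with the result of a conntrack lookup, and leaves the `force` and `zone_id` parameters undocumented. Please extend it to say what `force` changes, how `zone_id` enters the comparison, and what a true or false return means for the caller, so the helper can be checked against its stated contract.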
Allow sending a packet to conntrack module for connection tracking.
The packet will be marked with conntrack connection's state, and
any metadata such as conntrack mark and label. This state metadata
can later be matched against with tc classifiers, for example with the
flower classifier as below.