Re: 2.6.12: connection tracking broken?

From: Patrick McHardy
Date: Mon Jun 20 2005 - 07:17:45 EST

Bart De Schuymer wrote:
> Op ma, 20-06-2005 te 04:45 +0200, schreef Patrick McHardy:
>> Bart, can you explain why the hooks are defered please?
> This is done so that iptables knows which bridge port the output device
> is, using the iptables physdev match.

In which cases is this necessary? AFAICT the output device is determined
in br_handle_frame_finish() for a normally bridged packet.

> Can't you release the conntrack reference with a function registered on
> the POSTROUTING hook with a prio higher than nat POSTROUTING (or
> something like that)?

We would have to hold the reference while the packet is queued at the
device for the bridge case, which we want to avoid.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at