search for: ip_confim

...d state, and the arrival of another packet with the same tuple. If a second packet arrives before the first is confirmed, it is assigned a new connection tracking context instead of joining that of the first unconfirmed packet. When the second packet is finally handled by ip_refrag(), the call to ip_confim() finds that there is already a confirmed entry in the table, and returns NF_DROP. >From the comments in __ip_contrack_confirm(), we infer that this is to deal with duplicated datagrams and some REJECT case, but it's the wrong thing in this case because the subsequent packets are neither dup...