Patrick McHardy wrote:
> Generally the logic seems inverted, you should return an error
> to conntrack if userspace wasn't notified of the error.

Indeed, thanks. Are you OK with this patch instead?