netfilter: nf_conntrack: provide modparam to always register conntrack hooks - pm24.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-01-16 18:24:17 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-01-18 15:02:34 +0100
commit	ba3fbe663635ae7b33a2d972c5d2def036258e42 (patch)
tree	7c50360b364dfa2ee6977c985474a1d54c467697 /lib/mpi/mpi-cmp.c
parent	4a60dc748d121b52533a2956567df4f87a3835b1 (diff)

netfilter: nf_conntrack: provide modparam to always register conntrack hooks

The connection tracking hooks can be optionally registered per netns when conntrack is specifically invoked from the ruleset since 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset"). Then, since 4d3a57f23dec ("netfilter: conntrack: do not enable connection tracking unless needed"), the default behaviour is changed to always register them on demand. This patch provides a toggle that allows users to always register them. Without this toggle, in order to use conntrack for statistics collection, you need a dummy rule that refers to conntrack, eg. iptables -I INPUT -m state --state NEW This patch allows users to restore the original behaviour via modparam, ie. always register connection tracking, eg. modprobe nf_conntrack enable_hooks=1 Hence, no dummy rule is required. Reported-by: Laura Garcia <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'lib/mpi/mpi-cmp.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: