diff options
author | 2019-01-16 18:24:17 +0100 | |
---|---|---|
committer | 2019-01-18 15:02:34 +0100 | |
commit | ba3fbe663635ae7b33a2d972c5d2def036258e42 (patch) | |
tree | 7c50360b364dfa2ee6977c985474a1d54c467697 /Documentation | |
parent | netfilter: conntrack: remove nf_ct_l4proto_find_get (diff) | |
download | linux-dev-ba3fbe663635ae7b33a2d972c5d2def036258e42.tar.xz linux-dev-ba3fbe663635ae7b33a2d972c5d2def036258e42.zip |
netfilter: nf_conntrack: provide modparam to always register conntrack hooks
The connection tracking hooks can be optionally registered per netns
when conntrack is specifically invoked from the ruleset since
0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed
by ruleset"). Then, since 4d3a57f23dec ("netfilter: conntrack: do not
enable connection tracking unless needed"), the default behaviour is
changed to always register them on demand.
This patch provides a toggle that allows users to always register them.
Without this toggle, in order to use conntrack for statistics
collection, you need a dummy rule that refers to conntrack, eg.
iptables -I INPUT -m state --state NEW
This patch allows users to restore the original behaviour via modparam,
ie. always register connection tracking, eg.
modprobe nf_conntrack enable_hooks=1
Hence, no dummy rule is required.
Reported-by: Laura Garcia <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions