diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-16 18:24:17 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 15:02:34 +0100 |
| commit | ba3fbe663635ae7b33a2d972c5d2def036258e42 (patch) | |
| tree | 7c50360b364dfa2ee6977c985474a1d54c467697 /lib | |
| parent | netfilter: conntrack: remove nf_ct_l4proto_find_get (diff) | |
| download | linux-dev-ba3fbe663635ae7b33a2d972c5d2def036258e42.tar.xz linux-dev-ba3fbe663635ae7b33a2d972c5d2def036258e42.zip | |
netfilter: nf_conntrack: provide modparam to always register conntrack hooks
The connection tracking hooks can be optionally registered per netns
when conntrack is specifically invoked from the ruleset since
0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed
by ruleset"). Then, since 4d3a57f23dec ("netfilter: conntrack: do not
enable connection tracking unless needed"), the default behaviour is
changed to always register them on demand.
This patch provides a toggle that allows users to always register them.
Without this toggle, in order to use conntrack for statistics
collection, you need a dummy rule that refers to conntrack, eg.
iptables -I INPUT -m state --state NEW
This patch allows users to restore the original behaviour via modparam,
ie. always register connection tracking, eg.
modprobe nf_conntrack enable_hooks=1
Hence, no dummy rule is required.
Reported-by: Laura Garcia <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions