netfilter: ctnetlink: don't add null bindings if no nat requested - openslx/kernel-qcow2-linux.git

diff options

author	Florian Westphal	2014-04-28 21:07:31 +0200
committer	Pablo Neira Ayuso	2014-04-29 20:49:08 +0200
commit	fe337ac2839521b360f828b3ebd992d597b1ad16 (patch)
tree	000b67f61cfbc42e61c378e9a51e5fb59b3026f8 /net/ipv4/netfilter
parent	net: bonding: Fix format string mismatch in bond_sysfs.c (diff)
download	kernel-qcow2-linux-fe337ac2839521b360f828b3ebd992d597b1ad16.tar.gz kernel-qcow2-linux-fe337ac2839521b360f828b3ebd992d597b1ad16.tar.xz kernel-qcow2-linux-fe337ac2839521b360f828b3ebd992d597b1ad16.zip

netfilter: ctnetlink: don't add null bindings if no nat requested

commit 0eba801b64cc8284d9024c7ece30415a2b981a72 tried to fix a race where nat initialisation can happen after ctnetlink-created conntrack has been created. However, it causes the nat module(s) to be loaded needlessly on systems that are not using NAT. Fortunately, we do not have to create null bindings in that case. conntracks injected via ctnetlink always have the CONFIRMED bit set, which prevents addition of the nat extension in nf_nat_ipv4/6_fn(). We only need to make sure that either no nat extension is added or that we've created both src and dst manips. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/ipv4/netfilter')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: