git.baikalelectronics.ru Git - kernel.git/commit

author	Eric Leblond <eric@regit.org>
	Wed, 18 Apr 2012 09:20:41 +0000 (11:20 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 8 May 2012 17:35:18 +0000 (19:35 +0200)
commit	5a666eb26fa37fe08a2122259f1e775930c22aa6
tree	de5ba86bb36d05cd859bffb2370a9a3b462722d9	tree \| snapshot
parent	a535b91bbfc5c1ef15574fc283922a2a3c92b91e	commit \| diff

netfilter: nf_ct_helper: allow to disable automatic helper assignment

This patch allows you to disable automatic conntrack helper
lookup based on TCP/UDP ports, eg.

echo 0 > /proc/sys/net/netfilter/nf_conntrack_helper

[ Note: flows that already got a helper will keep using it even
if automatic helper assignment has been disabled ]

Once this behaviour has been disabled, you have to explicitly
use the iptables CT target to attach helper to flows.

There are good reasons to stop supporting automatic helper
assignment, for further information, please read:

http://www.netfilter.org/news.html#2012-04-03

This patch also adds one message to inform that automatic helper
assignment is deprecated and it will be removed soon (this is
spotted only once, with the first flow that gets a helper attached
to make it as less annoying as possible).

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_helper.h		diff \| blob \| history
include/net/netns/conntrack.h		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_helper.c		diff \| blob \| history