]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bd02232) | patch
netfilter: nf_tables: enable conntrack if NAT chain is registered
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Mar 2018 09:53:08 +0000 (11:53 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 30 Mar 2018 09:29:19 +0000 (11:29 +0200)
commitbe1af7580f480a64734586c0854d77379ed4c417
treeec3310d2587f35c25d59d79ad4d1460ecc710d75tree | snapshot
parentbd02232d98b0f5be90e39dc969568df392a604bbcommit | diff
netfilter: nf_tables: enable conntrack if NAT chain is registered

Register conntrack hooks if the user adds NAT chains. Users get confused
with the existing behaviour since they will see no packets hitting this
chain until they add the first rule that refers to conntrack.

This patch adds new ->init() and ->free() indirections to chain types
that can be used by NAT chains to invoke the conntrack dependency.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h diff | blob | history
net/ipv4/netfilter/nft_chain_nat_ipv4.c diff | blob | history
net/ipv6/netfilter/nft_chain_nat_ipv6.c diff | blob | history
net/netfilter/nf_tables_api.c diff | blob | history
Linux Kernel Source Tree.