]> git.baikalelectronics.ru Git - kernel.git/commit
netfilter: ctnetlink: don't add null bindings if no nat requested
authorFlorian Westphal <fw@strlen.de>
Mon, 28 Apr 2014 19:07:31 +0000 (21:07 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 29 Apr 2014 18:49:08 +0000 (20:49 +0200)
commit93623578ae2e14959b7b68f465413dd8bfa108f3
tree000b67f61cfbc42e61c378e9a51e5fb59b3026f8
parent46a9f6d91d6faa2db01f07443a6a19389de73180
netfilter: ctnetlink: don't add null bindings if no nat requested

commit 0b845986a6890051595eef8691b7fe545de93c82 tried to fix a race
where nat initialisation can happen after ctnetlink-created conntrack
has been created.

However, it causes the nat module(s) to be loaded needlessly on
systems that are not using NAT.

Fortunately, we do not have to create null bindings in that case.

conntracks injected via ctnetlink always have the CONFIRMED bit set,
which prevents addition of the nat extension in nf_nat_ipv4/6_fn().

We only need to make sure that either no nat extension is added
or that we've created both src and dst manips.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_netlink.c