On Mon, Apr 28, 2014 at 09:07:31PM +0200, Florian Westphal wrote:
> commit 0eba801b64cc8284d9024c7ece30415a2b981a72 tried to fix a race
> where nat initialisation can happen after ctnetlink-created conntrack
> has been created.
>
> However, it causes the nat module(s) to be loaded needlessly on
> systems that are not using NAT.
>
> Fortunately, we do not have to create null bindings in that case.
>
> conntracks injected via ctnetlink always have the CONFIRMED bit set,
> which prevents addition of the nat extension in nf_nat_ipv4/6_fn().
>
> We only need to make sure that either no nat extension is added
> or that we've created both src and dst manips.

Thanks Florian, applied.