On Sat, Apr 15, 2017 at 07:26:10PM +0200, Florian Westphal wrote:
> By default the kernel emits all ctnetlink events for a connection.
> This allows to select the types of events to generate.
>
> This can be used to e.g. only send DESTROY events but no NEW/UPDATE ones
> and will work even if sysctl net.netfilter.nf_conntrack_events is set to 0.
>
> This was already possible via iptables' CT target, but the nft version has
> the advantage that it can also be used with already-established conntracks.
>
> The added nf_ct_is_template() check isn't a bug fix as we only support
> mark and labels (and unlike ecache the conntrack core doesn't copy those).

applied, thanks.