On Tue, Nov 07, 2017 at 11:58:40AM -0700, Subash Abhinov Kasiviswanathan wrote:
> >This breaks connection tracking for packets coming in via such
> >interfaces.
> >
> >Nowadays we only enable defrag in a network namespace if the ip/nftables
> >ruleset requires it, so this setting would be counter-productive.

[...]

> This usecase is run on an Android based device, so there will be only
> the init namespace. While the specific rmnet interfaces for wifi calling do
> not require conntrack / iptables, some other scenarios like NAT on other
> interfaces may trigger the load of the defrag module. Hence, we needed
> this interface specific way of preventing defrag.

We can probably skip defrag if explicit notrack is requested via rule.