iptables and ip6tables don't need this because iptables is AF_INET, ip6tables AF_INET6, etc. But tools that can change af in-between such as nftables will then may then find to find such module. One example is conntrack, it offsers NFPROTO_IPV4 and NFPROTO_IPV6. When first loading with NFPROTO_IPV6, the IPV4 would be discarded. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- libxtables/xtables.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libxtables/xtables.c b/libxtables/xtables.c index c5e86f389d47..f3966f15617a 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -933,9 +933,6 @@ void xtables_register_match(struct xtables_match *me) if (me->extra_opts != NULL) xtables_check_options(me->name, me->extra_opts); - /* ignore not interested match */ - if (me->family != afinfo->family && me->family != AF_UNSPEC) - return; /* place on linked list of matches pending full registration */ me->next = xtables_pending_matches; -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
