This series stops ipt_CLUSTERIP from registering arp mangling hook
unconditionally. Hook gets installed/removed from checkentry/destroy
callbacks.

Before this, modprobe ipt_CLUSTERIP would add a hook in each netns.

While at it, also get rid of x_tables.h/xt storage space in struct net,
there is no need for this.

Florian Westphal (3):
  netfilter: ipt_CLUSTERIP: only add arp mangle hook when required
  netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning
  netfilter: remove xt pernet data

 include/net/net_namespace.h        |  2 --
 include/net/netns/x_tables.h       | 12 -------
 net/ipv4/netfilter/ipt_CLUSTERIP.c | 56 ++++++++++++++++++++----------
 net/netfilter/xt_CT.c              | 11 ------
 4 files changed, 37 insertions(+), 44 deletions(-)
 delete mode 100644 include/net/netns/x_tables.h

--
2.31.1