On Tue, Mar 08, 2022 at 11:16:20PM +0100, Pablo Neira Ayuso wrote:
> Since cd5135377ac4 ("conntrackd: cthelper: Set up userspace helpers when
> daemon starts"), userspace conntrack helpers do not depend on a previous
> invocation of nfct to set up the userspace helpers.
>
> Move helper definitions to nfct-extensions/helper.c since existing
> deployments might still invoke nfct, even if not required anymore.
>
> This patch was motivated by the removal of the lazy binding.
>
> Phil Sutter says:
>
> "For security purposes, distributions might want to pass -Wl,-z,now
> linker flags to all builds, thereby disabling lazy binding globally.
>
> In the past, nfct relied upon lazy binding: It uses the helper objects'
> parsing functions without but doesn't provide all symbols the objects
> use."
>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Acked-by: Phil Sutter <phil@xxxxxx>
Thanks!
