834184b1f3
nf_defrag modules for ipv4 and ipv6 export an empty stub function. Any module that needs the defragmentation hooks registered simply 'calls' this empty function to create a phony module dependency -- modprobe will then load the defrag module too. This extends netfilter ipv4/ipv6 defragmentation modules to delay the hook registration until the functionality is requested within a network namespace instead of module load time for all namespaces. Hooks are only un-registered on module unload or when a namespace that used such defrag functionality exits. We have to use struct net for this as the register hooks can be called before netns initialization here from the ipv4/ipv6 conntrack module init path. There is no unregister functionality support, defrag will always be active once it was requested inside a net namespace. The reason is that defrag has impact on nft and iptables rulesets (without defrag we might see framents). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| conntrack.h | ||
| core.h | ||
| dccp.h | ||
| generic.h | ||
| hash.h | ||
| ieee802154_6lowpan.h | ||
| ipv4.h | ||
| ipv6.h | ||
| mib.h | ||
| mpls.h | ||
| netfilter.h | ||
| nftables.h | ||
| packet.h | ||
| sctp.h | ||
| unix.h | ||
| x_tables.h | ||
| xfrm.h | ||