Re: [PATCH nf-next v4] netfilter: nf_defrag: Skip defrag if NOTRACK is set

On Wed, Jan 10, 2018 at 08:51:57PM -0700, Subash Abhinov Kasiviswanathan wrote: > conntrack defrag is needed only if some module like CONNTRACK or NAT > explicitly requests it. For plain forwarding scenarios, defrag is > not needed and can be skipped if NOTRACK is set in a rule. > > Since

[PATCH nf-next v4] netfilter: nf_defrag: Skip defrag if NOTRACK is set

conntrack defrag is needed only if some module like CONNTRACK or NAT explicitly requests it. For plain forwarding scenarios, defrag is not needed and can be skipped if NOTRACK is set in a rule. Since conntrack defrag is currently higher priority than raw table, setting NOTRACK is not sufficient.