Re: [PATCH v2] netfilter: nf_ct_helper: warn when not applying default helper assignment

On Wed, 1 Feb 2017, Pablo Neira Ayuso wrote: > > +{ > > + struct nf_conntrack_helper *ret; > > + > > + if (!net->ct.sysctl_auto_assign_helper) { > > + if (net->ct.auto_assign_helper_warned) > > + return NULL; > > + if (!find_auto_helper(ct)) > > This

Re: [PATCH v2] netfilter: nf_ct_helper: warn when not applying default helper assignment

On Wed, 2017-01-25 at 21:43 +0100, Jiri Kosina wrote: > Rewrite the code a little bit as suggested by Linus, so that we avoid > spaghettiing the code even more -- namely the whole decision making > process regarding helper selection (either automatic or not) is being > separated, so that the whole

Re: [PATCH v2] netfilter: nf_ct_helper: warn when not applying default helper assignment

On Tue, Jan 24, 2017 at 2:17 AM, Jiri Kosina wrote: > + if (!helper) { > + if (unlikely(!net->ct.sysctl_auto_assign_helper && > + !net->ct.auto_assign_helper_warned && > + >

[PATCH v2] netfilter: nf_ct_helper: warn when not applying default helper assignment

From: Jiri Kosina Commit 3bb398d925 ("netfilter: nf_ct_helper: disable automatic helper assignment") is causing behavior regressions in firewalls, as traffic handled by conntrack helpers is now by default not passed through even though it was before due to missing CT targets