    netfilter: nfnetlink: allow to detect if ctnetlink listeners exist · 2794cdb0
    Florian Westphal authored
    At this time, every new conntrack gets the 'event cache extension'
    enabled for it.
    
    This is because the 'net.netfilter.nf_conntrack_events' sysctl defaults
    to 1.
    
    Changing the default to 0 means that commands that rely on the event
    notification extension, e.g. 'conntrack -E' or conntrackd, stop working.
    
    We COULD detect if there is a listener by means of
    'nfnetlink_has_listeners()' and only add the extension if this is true.
    
    The downside is a dependency from conntrack module to nfnetlink module.
    
    This adds a different way: inc/dec a counter whenever a ctnetlink group
    is being (un)subscribed and toggle a flag in struct net.
    
    Next patches will take advantage of this and will only add the event
    extension if the flag is set.
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
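The counting scheme the message describes, modelled in userspace as an added example (this is not the kernel's code from this commit, whose diff is not shown on this page). Everything here is a stand-in: `struct model_net` plays the role of the per-namespace state added to struct net, `model_bind()`/`model_unbind()` play the role of the nfnetlink multicast (un)subscribe hooks, the group encoding and `MODEL_GROUP_SUBSYS()` replace the kernel's group-to-subsystem lookup, and `model_ct_alloc()` shows what the announced follow-up patches would do with the flag. The `sysctl_events == 1` override is an assumption about how the existing sysctl would coexist with the flag, not something this commit states.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical subsystem ids and group encoding, constructed for the model;
 * they are not the kernel's NFNL_SUBSYS_* / NFNLGRP_* values. */
enum { SUBSYS_CTNETLINK = 1, SUBSYS_OTHER = 2 };
#define MODEL_GROUP(subsys, idx)  (((subsys) << 8) | (idx))
#define MODEL_GROUP_SUBSYS(group) ((group) >> 8)

/* Per-net-namespace state: the counter that is inc/dec'd on (un)subscribe
 * and the flag that the conntrack allocation path reads. */
struct model_net {
    unsigned int ctnetlink_listeners;
    bool ctnetlink_has_listener;
};

struct model_conntrack {
    bool has_event_ext;   /* event cache extension attached at alloc time */
};

/* A socket subscribed to a nfnetlink multicast group. */
void model_bind(struct model_net *net, unsigned int group)
{
    if (MODEL_GROUP_SUBSYS(group) != SUBSYS_CTNETLINK)
        return;   /* groups of other subsystems do not touch the flag */
    net->ctnetlink_listeners++;
    net->ctnetlink_has_listener = true;
}

/* A socket left the group (or was closed). The flag drops only when the
 * last ctnetlink subscriber is gone; an unbalanced unbind is refused
 * rather than letting the counter underflow and disagree with the flag. */
void model_unbind(struct model_net *net, unsigned int group)
{
    if (MODEL_GROUP_SUBSYS(group) != SUBSYS_CTNETLINK)
        return;
    if (net->ctnetlink_listeners == 0)
        return;
    if (--net->ctnetlink_listeners == 0)
        net->ctnetlink_has_listener = false;
}

/* What the follow-up patches are announced to do: attach the event extension
 * only when someone listens. sysctl_events == 1 is an ASSUMED "always on"
 * override kept for compatibility with the old default. */
struct model_conntrack model_ct_alloc(const struct model_net *net, int sysctl_events)
{
    struct model_conntrack ct = { .has_event_ext = false };

    if (sysctl_events == 1 || net->ctnetlink_has_listener)
        ct.has_event_ext = true;
    return ct;
}

bool model_has_listener(const struct model_net *net)
{
    return net->ctnetlink_has_listener;
}

unsigned int model_listener_count(const struct model_net *net)
{
    return net->ctnetlink_listeners;
}

int main(void)
{
    struct model_net net = { 0 };
    unsigned int ct_new = MODEL_GROUP(SUBSYS_CTNETLINK, 1);
    unsigned int ct_upd = MODEL_GROUP(SUBSYS_CTNETLINK, 2);

    printf("no listener:   ext=%d\n", model_ct_alloc(&net, 0).has_event_ext);
    model_bind(&net, ct_new);      /* e.g. 'conntrack -E' starting up   */
    model_bind(&net, ct_upd);      /* e.g. conntrackd on another group  */
    printf("two listeners: ext=%d\n", model_ct_alloc(&net, 0).has_event_ext);
    model_unbind(&net, ct_new);
    printf("one left:      flag=%d\n", model_has_listener(&net));
    model_unbind(&net, ct_upd);
    printf("none left:     flag=%d\n", model_has_listener(&net));
    return 0;
}
```

The point of keeping both a counter and a flag is that the allocation path only needs a single cheap load of the flag, while the counter keeps that flag correct when several sockets (conntrack -E plus conntrackd, say) subscribe and leave in any order. The model is single-threaded; in the kernel the counter update and the flag read happen on different CPUs and need the locking or READ_ONCE/WRITE_ONCE discipline the real patch uses, which this example does not show.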