linux_dsm_epyc7002/include
Florian Westphal 0c66dc1ea3 netfilter: conntrack: register hooks in netns when needed by ruleset
This makes use of nf_ct_netns_get/put added in previous patch.
We add get/put functions to nf_conntrack_l3proto structure, ipv4 and ipv6
then implement use-count to track how many users (nft or xtables modules)
have a dependency on ipv4 and/or ipv6 connection tracking functionality.

When count reaches zero, the hooks are unregistered.

This delays activation of connection tracking inside a namespace until
stateful firewall rule or nat rule gets added.

This patch breaks backwards compatibility in the sense that connection
tracking won't be active anymore when the protocol tracker module is
loaded.  This breaks e.g. setups that use ctnetlink for flow accounting and
the like, without any '-m conntrack' packet filter rules.

Followup patch restores old behaviour and makes new delayed scheme
optional via sysctl.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-12-04 21:17:24 +01:00
..
acpi Merge branches 'acpica-fixes', 'acpi-cppc-fixes' and 'acpi-tools-fixes' 2016-11-18 21:34:42 +01:00
asm-generic default exported asm symbols to zero 2016-12-02 08:51:22 -08:00
clocksource
crypto
drm drm: Don't force all planes to be added to the state due to zpos 2016-10-26 18:48:05 +02:00
dt-bindings dt-bindings: net: add EEE capability constants 2016-11-29 19:38:31 -05:00
keys
kvm
linux netfilter: conntrack: built-in support for DCCP 2016-12-04 20:53:15 +01:00
math-emu
media
memory
misc
net netfilter: conntrack: register hooks in netns when needed by ruleset 2016-12-04 21:17:24 +01:00
pcmcia
ras
rdma
rxrpc
scsi
soc
sound
target target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE 2016-10-19 21:22:32 -07:00
trace net/phy: add trace events for mdio accesses 2016-11-24 11:55:43 -05:00
uapi netfilter: nf_conntrack_tuple_common.h: fix #include 2016-12-04 20:49:18 +01:00
video
xen
Kbuild