ACK/Cmnt: [focal:linux-bluefield][PATCH 0/1] Change CONFIG_NF_CONNTRACK to y
Moshe Shemesh
moshe at nvidia.com
Sun Jun 20 04:31:17 UTC 2021
On 6/18/2021 5:24 PM, Jesse Sung wrote:
> + Moshe at NVIDIA to the thread for more details.
>
> On Wed, Jun 16, 2021 at 7:49 PM Tim Gardner <tim.gardner at canonical.com> wrote:
>> Acked-by: Tim Gardner <tim.gardner at canonical.com>
>>
>> Does this change behavior in any way ? The conntrack module isn't
>> normally loaded until user space is initialized, which is as soon as
>> iptables rules can be set anyways.
We are adding a new BPF helper for conntrack.
BPF helpers can only access builtin symbols, not modules symbols.
>> On 6/15/21 10:53 PM, Wen-chien Jesse Sung wrote:
>>> BugLink: https://launchpad.net/bugs/1932042
>>>
>>> == Impact ==
>>> NVIDIA would like to have CONFIG_NF_CONNTRACK as y instead of m.
>>>
>>> == Fix ==
>>> CONFIG_NF_CONNTRACK=y
>>> The feature is already enabled as a module. Since it would always get
>>> loaded because they would enable firewall by default, changing it to
>>> builtin shouldn't make any harm.
>>>
>>> == Risk of Regression ==
>>> Low. This is already enabled as a module.
>>>
>>>
>>> Wen-chien Jesse Sung (1):
>>> UBUNTU: [Config] CONFIG_NF_CONNTRACK=y
>>>
>>> debian.bluefield/config/config.common.ubuntu | 6 +++---
>>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>>
>> --
>> -----------
>> Tim Gardner
>> Canonical, Inc
More information about the kernel-team
mailing list