Commit 77966845 authored May 21, 2015 by Marcelo Ricardo Leitner Committed by Pablo Neira Ayuso Jun 12, 2015

netfilter: conntrack: warn the user if there is a better helper to use



After db29a950 ("netfilter: conntrack: disable generic tracking for
known protocols"), if the specific helper is built but not loaded
(a standard for most distributions) systems with a restrictive firewall
but weak configuration regarding netfilter modules to load, will
silently stop working.

This patch then puts a warning message so the sysadmin knows where to
start looking into. It's a pr_warn_once regardless of protocol itself
but it should be enough to give a hint on where to look.

Cc: Florian Westphal <fw@strlen.de>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent c63264de

net/netfilter/nf_conntrack_proto_generic.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -90,7 +90,13 @@ static int generic_packet(struct nf_conn *ct,
		static bool generic_new(struct nf_conn ct, const struct sk_buff skb,
		unsigned int dataoff, unsigned int *timeouts)
		{
		return nf_generic_should_process(nf_ct_protonum(ct));
		bool ret;

		ret = nf_generic_should_process(nf_ct_protonum(ct));
		if (!ret)
		pr_warn_once("conntrack: generic helper won't handle protocol %d. Please consider loading the specific helper module.\n",
		nf_ct_protonum(ct));
		return ret;
		}

		#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)