Pablo Neira Ayuso b118509076 netfilter: remove nf_conntrack_helper sysctl and modparam toggles ... __nf_ct_try_assign_helper() remains in place but it now requires a template to configure the helper. A toggle to disable automatic helper assignment was added by: a9006892643a ("netfilter: nf_ct_helper: allow to disable automatic helper assignment") in 2012 to address the issues described in "Secure use of iptables and connection tracking helpers". Automatic conntrack helper assignment was disabled by: 3bb398d925ec ("netfilter: nf_ct_helper: disable automatic helper assignment") back in 2016. This patch removes the sysctl and modparam toggles, users now have to rely on explicit conntrack helper configuration via ruleset. Update tools/testing/selftests/netfilter/nft_conntrack_helper.sh to check that auto-assignment does not happen anymore. Acked-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2022-08-31 12:12:32 +02:00
..
ipv4
ipv6	netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1	2021-09-28 13:04:55 +02:00
br_netfilter.h
nf_conntrack_acct.h	netfilter: conntrack: remove extension register api	2022-02-04 06:30:28 +01:00
nf_conntrack_act_ct.h	net/sched: act_ct: Fill offloading tuple iifidx	2022-01-04 12:12:55 +00:00
nf_conntrack_bpf.h	net/netfilter: Add unstable CT lookup helpers for XDP and TC-BPF	2022-01-18 14:26:42 -08:00
nf_conntrack_bridge.h
nf_conntrack_core.h	net: netfilter: Add kfuncs to set and change CT status	2022-07-21 21:03:16 -07:00
nf_conntrack_count.h	netfilter: nf_conncount: reduce unnecessary GC	2022-05-16 13:05:40 +02:00
nf_conntrack_ecache.h	netfilter: prefer extension check to pointer check	2022-05-13 18:56:28 +02:00
nf_conntrack_expect.h
nf_conntrack_extend.h	netfilter: extensions: introduce extension genid count	2022-05-13 18:52:16 +02:00
nf_conntrack_helper.h	netfilter: conntrack: Add and use nf_ct_set_auto_assign_helper_warned()	2022-03-20 00:29:35 +01:00
nf_conntrack_l4proto.h
nf_conntrack_labels.h	netfilter: extensions: introduce extension genid count	2022-05-13 18:52:16 +02:00
nf_conntrack_seqadj.h	netfilter: conntrack: remove extension register api	2022-02-04 06:30:28 +01:00
nf_conntrack_synproxy.h
nf_conntrack_timeout.h	netfilter: nf_conntrack: add missing __rcu annotations	2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.h	netfilter: conntrack: remove extension register api	2022-02-04 06:30:28 +01:00
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_conntrack.h	netfilter: remove nf_conntrack_helper sysctl and modparam toggles	2022-08-31 12:12:32 +02:00
nf_dup_netdev.h
nf_flow_table.h	netfilter: flowtable: fix stuck flows on cleanup due to pending work	2022-08-24 07:43:21 +02:00
nf_hooks_lwtunnel.h	netfilter: add netfilter hooks to SRv6 data plane	2021-08-30 01:51:36 +02:00
nf_log.h
nf_nat_helper.h
nf_nat_masquerade.h
nf_nat_redirect.h
nf_nat.h	netfilter: nf_nat: in nf_nat_initialized(), use const struct nf_conn *	2022-07-14 00:24:06 +02:00
nf_queue.h	netfilter: nf_queue: fix possible use-after-free	2022-03-01 11:50:35 +01:00
nf_reject.h	netfilter: conntrack: skip verification of zero UDP checksum	2022-05-13 18:56:28 +02:00
nf_socket.h
nf_synproxy.h
nf_tables_core.h	netfilter: nf_tables: move nft_cmp_fast_mask to where its used	2022-07-11 16:40:46 +02:00
nf_tables_ipv4.h	netfilter: nf_tables: convert pktinfo->tprot_set to flags field	2021-11-01 09:30:20 +01:00
nf_tables_ipv6.h	netfilter: nf_tables: convert pktinfo->tprot_set to flags field	2021-11-01 09:30:20 +01:00
nf_tables_offload.h	netfilter: nf_tables: bail out early if hardware offload is not supported	2022-06-06 19:19:15 +02:00
nf_tables.h	netfilter: nf_tables: make table handle allocation per-netns friendly	2022-08-24 07:43:20 +02:00
nf_tproxy.h
nft_fib.h	netfilter: nft_fib: add reduce support	2022-03-20 00:29:47 +01:00
nft_meta.h	netfilter: nft_meta: extend reduce support to bridge family	2022-03-20 00:29:46 +01:00
nft_reject.h
xt_rateest.h	net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types	2021-10-18 12:54:41 +01:00