From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751957AbdAXBJ6 (ORCPT ); Mon, 23 Jan 2017 20:09:58 -0500 Received: from mail-ot0-f194.google.com ([74.125.82.194]:32911 "EHLO mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751113AbdAXBJ4 (ORCPT ); Mon, 23 Jan 2017 20:09:56 -0500 MIME-Version: 1.0 In-Reply-To: References: From: Linus Torvalds Date: Mon, 23 Jan 2017 17:09:55 -0800 X-Google-Sender-Auth: MeIENSwvNWaAPmV82LHaWhZSfos Message-ID: Subject: Re: [RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl To: Jiri Kosina Cc: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , NetFilter , coreteam@netfilter.org, Linux Kernel Mailing List , info@jablonka.cz Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 23, 2017 at 4:06 PM, Jiri Kosina wrote: > > Considering this being really close to the "userspace breakage" > borderline, I'm CCing Linus as well. For all I know, there may be some security reason why we really don't want the automatic helpers, even if they can be convenient. Also, you can just enable them with a kernel command line or a sysctl, so it's not like you can't get the old behavior back. Do networking people have any comments? Was there a reason to actually switch the default? Because the commit messages aren't all that helpful. Linus