linux-image-3.2.0-4-686-pae and nf_conntrack

To: debian-kernel@lists.debian.org
Subject: linux-image-3.2.0-4-686-pae and nf_conntrack
From: Jan van den Berg <jan.vandenberg@isp.solcon.nl>
Date: Mon, 30 Sep 2013 22:49:36 +0200
Message-id: <[🔎] 20130930224936.113428dd966e84476defc7cc@isp.solcon.nl>

Hi,

from /lib/modules/3.2.0-4-686-pae/modules.dep I gather that somewhere it was decided that the nf_conntrack and ipvs module are dependant on one another:

kernel/net/netfilter/ipvs/ip_vs.ko: kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko

This is also what "modinfo ip_vs" tells me.

But what if I specifically dont want to use connection tracking?

We run high traffic loadbalancers and in the past connection tracking has been (more than once) a problem. So better safe than sorry (and we disable it always).

But whats the reasoning for the dependency: I havent noticed this in (2.6) squeeze kernels?
Is it really necessary? I cant see what's changed between Squeeze en Wheezy for this to occur.

-- 
Cheers,

Jan van den Berg

Reply to:

Prev by Date: Re: patchset to enable user namespaces
Previous by thread: Bug#692957: Can confirm this "bug"
Index(es):
- Date
- Thread