[PATCH 4/7] add missing module_alias_subsys

Patrick McHardy kaber at trash.net
Sat Nov 5 08:31:08 CET 2005


Pablo Neira wrote:
> Add missing module alias. This is a must to load ctnetlink on demand.
> For example, the conntrack tool will fail if the module isn't loaded.

I don't think this is a good idea currently. Capability checking is
done after module autoloading, so any user can load ctnetlink,
ip_conntrack and all related modules. Please make sure to move
capability checking in nfnetlink before module loading first.

BTW: The same applies to ip_tables and ipt_ULOG through netlink
autoloading.
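
A user-space C model of the ordering problem raised in the reply above, added here as an illustration and not taken from the message or from the netfilter sources. The function names, error constants and subsystem table are hypothetical stand-ins; the model only contrasts loading before the capability check with checking first.

```c
/* User-space model of a netlink dispatcher; every name here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_SUBSYS 8
#define ERR_PERM   (-1)    /* stand-in for -EPERM */
#define ERR_INVAL  (-22)   /* stand-in for -EINVAL */

static bool loaded[MAX_SUBSYS];  /* which subsystem modules are present */
static int autoload_count;       /* how many module loads were triggered */

/* Stand-in for on-demand loading through a module alias. */
static void autoload(int id) { loaded[id] = true; autoload_count++; }

/* Order described in the reply: autoload first, capability check after. */
int dispatch_load_then_check(int id, bool sender_has_cap)
{
    if (id < 0 || id >= MAX_SUBSYS) return ERR_INVAL;
    if (!loaded[id]) autoload(id);          /* side effect for any sender */
    return sender_has_cap ? 0 : ERR_PERM;   /* refusal comes too late */
}

/* Order requested in the reply: capability check before module loading. */
int dispatch_check_then_load(int id, bool sender_has_cap)
{
    if (id < 0 || id >= MAX_SUBSYS) return ERR_INVAL;
    if (!sender_has_cap) return ERR_PERM;   /* refused with no side effect */
    if (!loaded[id]) autoload(id);
    return 0;
}

/* Clear the model state between runs. */
void reset_model(void)
{
    for (int i = 0; i < MAX_SUBSYS; i++) loaded[i] = false;
    autoload_count = 0;
}

int loads_triggered(void) { return autoload_count; }

int main(void)
{
    reset_model();
    int rc = dispatch_load_then_check(1, false);
    printf("load-then-check: rc=%d loads=%d\n", rc, loads_triggered());
    reset_model();
    rc = dispatch_check_then_load(1, false);
    printf("check-then-load: rc=%d loads=%d\n", rc, loads_triggered());
    return 0;
}
```

Both orderings return the same error to a sender without the capability; only the load counter shows the difference, which is why the ordering matters more than the return code.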



More information about the netfilter-devel mailing list