[WireGuard] Is nf_conntrack really needed?
Baptiste Jonglez
baptiste at bitsofnetworks.org
Tue Nov 22 13:17:48 CET 2016
Hi,
I stumbled upon a build error on LEDE, which was caused by a missing
dependency to nf-conntrack (and possibly nf-conntrack6).
I see that NF_CONNTRACK is used only at one place in device.c, and it is
inconditionally required since 3106d632de ("build system: revamp building
and configuration").
Is the inconditional dependency really needed? nf-conntrack{,6}
introduces another 50 KB of dependencies on LEDE, which means a ~50%
increase in the amount of flash needed.
By the way, nf-conntrack is already required to do NAT, so this discussion
is only relevant for (hypothetical) people building their own LEDE images
without NAT support.
Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20161122/bf79fe4e/attachment.asc>
More information about the WireGuard
mailing list