* [WireGuard] Is nf_conntrack really needed?
@ 2016-11-22 12:17 Baptiste Jonglez
2016-11-22 16:08 ` Jason A. Donenfeld
0 siblings, 1 reply; 2+ messages in thread
From: Baptiste Jonglez @ 2016-11-22 12:17 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 656 bytes --]
Hi,
I stumbled upon a build error on LEDE, which was caused by a missing
dependency to nf-conntrack (and possibly nf-conntrack6).
I see that NF_CONNTRACK is used only at one place in device.c, and it is
inconditionally required since 3106d632de ("build system: revamp building
and configuration").
Is the inconditional dependency really needed? nf-conntrack{,6}
introduces another 50 KB of dependencies on LEDE, which means a ~50%
increase in the amount of flash needed.
By the way, nf-conntrack is already required to do NAT, so this discussion
is only relevant for (hypothetical) people building their own LEDE images
without NAT support.
Baptiste
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-11-22 16:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-11-22 12:17 [WireGuard] Is nf_conntrack really needed? Baptiste Jonglez
2016-11-22 16:08 ` Jason A. Donenfeld
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).