Re: [PATCH net-next] netfilter: conntrack: add a new NF_CT_EXT_EXPAND extension

From: Pablo Neira Ayuso
Date: Mon Jun 26 2017 - 12:52:33 EST


On Mon, Jun 26, 2017 at 02:10:46PM +0800, Lin Zhang wrote:
> In the current conntrack extend code, if we want to add a new
> extension, we must add a new extension id and recompile the kernel.

Yes, this is designed in this way on purpose.

Because we do not want to endorse proliferation of out-of-tree kernel
modules.

Sorry, we cannot take this.