From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 31 Jan 2018 18:13:39 +0100
Subject: [PATCH] netfilter: flowtable infrastructure depends on NETFILTER_INGRESS

config NF_FLOW_TABLE depends on NETFILTER_INGRESS. If users forget to
enable this toggle, flowtable registration fails with EOPNOTSUPP.

Moreover, turn 'select NF_FLOW_TABLE' in every flowtable family flavour
into dependency instead, otherwise this new dependency on
NETFILTER_INGRESS causes a warning. This also allows us to remove the
explicit dependency between family flowtables <-> NF_TABLES and
NF_CONNTRACK, given they depend on the NF_FLOW_TABLE core that already
expresses the general dependencies for this new infrastructure.

Moreover, NF_FLOW_TABLE_INET depends on NF_FLOW_TABLE_IPV4 and
NF_FLOWTABLE_IPV6, which already depends on NF_FLOW_TABLE. So we can get
rid of direct dependency with NF_FLOW_TABLE.

In general, let's avoid 'select', it just makes things more complicated.

Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -79,8 +79,7 @@ endif # NF_TABLES
config NF_FLOW_TABLE_IPV4
tristate "Netfilter flow table IPv4 module"
- depends on NF_CONNTRACK && NF_TABLES
- select NF_FLOW_TABLE
+ depends on NF_FLOW_TABLE
help
This option adds the flow table IPv4 support.
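
Review bot: Dropping `select NF_FLOW_TABLE` from NF_FLOW_TABLE_IPV4 changes what happens to configurations that only name this symbol. With `select`, enabling CONFIG_NF_FLOW_TABLE_IPV4 forced the core on; with `depends on NF_FLOW_TABLE`, the option is hidden and silently dropped unless the core (and, through it, NETFILTER_INGRESS, NF_CONNTRACK and NF_TABLES) is already enabled. Minimal defconfigs that relied on the select will lose flowtable IPv4 support without any diagnostic. Consider calling this out in the commit message and stating the prerequisite in the help text, which still reads only "This option adds the flow table IPv4 support."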
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -101,8 +101,7 @@ endif # NF_TABLES
config NF_FLOW_TABLE_IPV6
tristate "Netfilter flow table IPv6 module"
- depends on NF_CONNTRACK && NF_TABLES
- select NF_FLOW_TABLE
+ depends on NF_FLOW_TABLE
help
This option adds the flow table IPv6 support.
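
Review bot: The symbol in this hunk is NF_FLOW_TABLE_IPV6, but the commit message spells it NF_FLOWTABLE_IPV6 in the paragraph about NF_FLOW_TABLE_INET. Anyone grepping the log for the Kconfig symbol will miss this commit, so the changelog spelling should match the `config NF_FLOW_TABLE_IPV6` line here.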
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -670,8 +670,8 @@ endif # NF_TABLES
config NF_FLOW_TABLE_INET
tristate "Netfilter flow table mixed IPv4/IPv6 module"
- depends on NF_FLOW_TABLE_IPV4 && NF_FLOW_TABLE_IPV6
- select NF_FLOW_TABLE
+ depends on NF_FLOW_TABLE_IPV4
+ depends on NF_FLOW_TABLE_IPV6
help
This option adds the flow table mixed IPv4/IPv6 support.
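
Review bot: After the `select NF_FLOW_TABLE` removal, NF_FLOW_TABLE_INET reaches the core only transitively, through `depends on NF_FLOW_TABLE_IPV4` and `depends on NF_FLOW_TABLE_IPV6`. That is correct only while both family options keep their own `depends on NF_FLOW_TABLE` from the earlier hunks of this patch. A one-line Kconfig comment above these two lines saying the core dependency is inherited would stop a later cleanup of the family options from leaving INET buildable without the core.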
@@ -679,7 +679,9 @@ config NF_FLOW_TABLE_INET
config NF_FLOW_TABLE
tristate "Netfilter flow table module"
- depends on NF_CONNTRACK && NF_TABLES
+ depends on NETFILTER_INGRESS
+ depends on NF_CONNTRACK
+ depends on NF_TABLES
help
This option adds the flow table core infrastructure.
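
Review bot: The help text under `config NF_FLOW_TABLE` is not updated to mention the new `depends on NETFILTER_INGRESS` line. The commit message says users forget this toggle and get EOPNOTSUPP at flowtable registration; with this change the failure moves to configuration time, where the core and every family option simply do not appear in the menu. Extending the help text to say that the ingress hook (NETFILTER_INGRESS) is required would tell users where to look when the option is missing.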