diff options
Diffstat (limited to 'target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch')
| -rw-r--r-- | target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch b/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch new file mode 100644 index 0000000000..bb8c2d3e5a --- /dev/null +++ b/target/linux/generic/backport-4.19/346-v4.16-netfilter-flowtable-infrastructure-depends-on-NETFIL.patch @@ -0,0 +1,73 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Wed, 31 Jan 2018 18:13:39 +0100 +Subject: [PATCH] netfilter: flowtable infrastructure depends on + NETFILTER_INGRESS + +config NF_FLOW_TABLE depends on NETFILTER_INGRESS. If users forget to +enable this toggle, flowtable registration fails with EOPNOTSUPP. + +Moreover, turn 'select NF_FLOW_TABLE' in every flowtable family flavour +into dependency instead, otherwise this new dependency on +NETFILTER_INGRESS causes a warning. This also allows us to remove the +explicit dependency between family flowtables <-> NF_TABLES and +NF_CONNTRACK, given they depend on the NF_FLOW_TABLE core that already +expresses the general dependencies for this new infrastructure. + +Moreover, NF_FLOW_TABLE_INET depends on NF_FLOW_TABLE_IPV4 and +NF_FLOWTABLE_IPV6, which already depends on NF_FLOW_TABLE. So we can get +rid of direct dependency with NF_FLOW_TABLE. + +In general, let's avoid 'select', it just makes things more complicated. + +Reported-by: John Crispin <john@phrozen.org> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -80,8 +80,7 @@ endif # NF_TABLES + + config NF_FLOW_TABLE_IPV4 + tristate "Netfilter flow table IPv4 module" +- depends on NF_CONNTRACK && NF_TABLES +- select NF_FLOW_TABLE ++ depends on NF_FLOW_TABLE + help + This option adds the flow table IPv4 support. + +--- a/net/ipv6/netfilter/Kconfig ++++ b/net/ipv6/netfilter/Kconfig +@@ -101,8 +101,7 @@ endif # NF_TABLES + + config NF_FLOW_TABLE_IPV6 + tristate "Netfilter flow table IPv6 module" +- depends on NF_CONNTRACK && NF_TABLES +- select NF_FLOW_TABLE ++ depends on NF_FLOW_TABLE + help + This option adds the flow table IPv6 support. + +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -676,8 +676,8 @@ endif # NF_TABLES + + config NF_FLOW_TABLE_INET + tristate "Netfilter flow table mixed IPv4/IPv6 module" +- depends on NF_FLOW_TABLE_IPV4 && NF_FLOW_TABLE_IPV6 +- select NF_FLOW_TABLE ++ depends on NF_FLOW_TABLE_IPV4 ++ depends on NF_FLOW_TABLE_IPV6 + help + This option adds the flow table mixed IPv4/IPv6 support. + +@@ -685,7 +685,9 @@ config NF_FLOW_TABLE_INET + + config NF_FLOW_TABLE + tristate "Netfilter flow table module" +- depends on NF_CONNTRACK && NF_TABLES ++ depends on NETFILTER_INGRESS ++ depends on NF_CONNTRACK ++ depends on NF_TABLES + help + This option adds the flow table core infrastructure. + |