xt_socket.c:(.init.text+0x13d2): undefined reference to `nf_defrag_ipv6_enable' xt_TPROXY.c:(.init.text+0x19b5): undefined reference to `nf_defrag_ipv6_enable' If DEFRAG_IPV6=m we cannot have SOCKET/TPROXY=y. Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- Technically this patch is bogus, but I couldn't figure out how to express the dependencies in kconfig. both already have select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES But its not enough; its possible to have CONFIG_NF_DEFRAG_IPV6=m CONFIG_IP6_NF_IPTABLES=m CONFIG_NETFILTER_XT_TARGET_TPROXY=y CONFIG_NETFILTER_XT_MATCH_SOCKET=y Which doesn't work as socket/tproxy references symbols from ipv6 defrag. cannot add depends on (NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6=n) since thats a recursive dependency. Adding a dependency to have m/y depend on IP6_NF_IPTABLES status appears to do the right thing but its not correct because it also disallows DEFRAG=y, TPROXY=m (which is fine). AFAICS this dependency issue has always existed since ipv6 support was added to tproxy. diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index e9410d1..faca831 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -834,6 +834,7 @@ config NETFILTER_XT_TARGET_TPROXY depends on NETFILTER_XTABLES depends on NETFILTER_ADVANCED depends on IP_NF_MANGLE + depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES help @@ -1325,6 +1326,7 @@ config NETFILTER_XT_MATCH_SOCKET depends on NETFILTER_XTABLES depends on NETFILTER_ADVANCED depends on !NF_CONNTRACK || NF_CONNTRACK + depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) depends on (IPV6 || IPV6=n) select NF_DEFRAG_IPV4 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES -- 1.8.1.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
