On Mon, Apr 28, 2014 at 06:25:22PM +0400, Vasily Averin wrote: > >> Therefore I believe that my patch is still correct, however now I think we also need > >> to remove #if IS_ENABLED(CONFIG_NF_CONNTRACK_IPV4) in br_nf_dev_queue_xmit(). > > > > I don't think so, DEFRAG_IPV4 is dependency glue, so it shouldn't be > > possible to build kernel with CONNTRACK_IPV4=n and DEFRAG_IPV4=(m|y). > > Could you please explain, why this #ifdef is required? > > I'm going to remove this #ifdef because it was added together with nfct check. > > Also I believe you are wrong with dependencies: > NF_CONNTRACK_IPV4 forces NF_DEFRAG_IPV4, not vice versa That's fine. Basically nf_conntrack *always* requires defragmentation. But defragmentation is also required by tproxy, which doesn't force you to have nf_conntrack. > net/ipv4/netfilter/Kconfig > config NF_DEFRAG_IPV4 > tristate > default n > > config NF_CONNTRACK_IPV4 > tristate "IPv4 connection tracking support (required for NAT)" > depends on NF_CONNTRACK > default m if NETFILTER_ADVANCED=n > select NF_DEFRAG_IPV4 > > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
