Re: Easy network (config) breakage with 3.17-rc1: NETFILTER_XT_TARGET_LOG

On Fri, Aug 22, 2014 at 08:01:12PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 21, 2014 at 12:49:33PM +0200, Rafał Miłecki wrote:
> > A few days ago I updated my 3.16 to 3.17-rc1 (both self compiled) and I
> > was using it until I noticed my machine doesn't respond to pings. I
> > rebooted to 3.16 and it was working again.
> > 
> > I bisected between 3.16 and 3.17-rc1 but it has failed. After all I
> > got 3.16 not working anymore as well.
> > 
> > It took me a few hours to find the one to blame:
> > CONFIG_NETFILTER_XT_TARGET_LOG. After moving my config from 3.16 to
> > 3.17-rc1 CONFIG_NETFILTER_XT_TARGET_LOG got disabled because of two
> > new dependencies: NF_LOG_IPV4 && NF_LOG_IPV6.
> > 
> > It would be nice if you could try to use "select" instead of "depends
> > on" in such cases in the future. I bet fixing my problem would be trivial
> > since the beginning, but end-users may spend hours or days tracking
> > such things :(
> 
> Sorry for that Kconfig problem. Please, have a look at the attached
> patch and confirm that it fixes the problem. At a quick glance I think
> it's safe to use select in this case.

I'm just looking at this again.

We cannot select NF_LOG_IPV6. This is going to break if IPV6 is not
enabled.

I can just relax this to avoid the dependency with NF_LOG_IPV4 and
NF_LOG_IPV6 so CONFIG_NETFILTER_XT_TARGET_LOG will be still selected
if no NF_LOG_IP* is set (see patch attached).

However, those new modules are really required to get this working, if
they are not present, iptables ... -j LOG will fail with -ENOENT since
the protocol logger won't be available.
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 05eb177..9b57bc0 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -747,7 +747,6 @@ config NETFILTER_XT_TARGET_LED
 
 config NETFILTER_XT_TARGET_LOG
 	tristate "LOG target support"
-	depends on NF_LOG_IPV4 && NF_LOG_IPV6
 	default m if NETFILTER_ADVANCED=n
 	help
 	  This option adds a `LOG' target, which allows you to create rules in
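Review bot: Removing `depends on NF_LOG_IPV4 && NF_LOG_IPV6` from config NETFILTER_XT_TARGET_LOG leaves nothing in this entry that tells the user the protocol loggers are still needed at run time, so a config can now enable the LOG target with neither logger and only find out when a -j LOG rule fails with -ENOENT. Suggest stating the requirement in the help text that begins "This option adds a `LOG' target", and consider `select NF_LOG_IPV4` together with `select NF_LOG_IPV6 if IPV6` (provided those symbols have no further dependencies of their own) so that oldconfig keeps a working LOG target without forcing IPv6.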

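A way to catch both situations from this thread before booting a new kernel: the LOG target silently dropped from the config, and the LOG target built without its protocol loggers. This is an added example, not part of the original mail or of the kernel tree; the function names `cfg_state` and `check_log_target` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel .config for the two
# failure modes discussed in the mail above.

# cfg_state FILE SYMBOL: print y, m or n. A "# CONFIG_X is not set" line
# and an absent symbol both count as n.
cfg_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# check_log_target FILE: print a verdict and return
#   0  LOG target and the needed protocol loggers are enabled
#   1  LOG target is off (the silent oldconfig drop the reporter hit)
#   2  LOG target is on but a protocol logger is missing, so adding a
#      -j LOG rule is expected to fail with -ENOENT
check_log_target() {
    cfg=$1
    missing=""
    if [ "$(cfg_state "$cfg" NETFILTER_XT_TARGET_LOG)" = n ]; then
        echo "NETFILTER_XT_TARGET_LOG is disabled: rules using -j LOG will not load"
        return 1
    fi
    if [ "$(cfg_state "$cfg" NF_LOG_IPV4)" = n ]; then
        missing="NF_LOG_IPV4"
    fi
    # NF_LOG_IPV6 only matters when IPv6 itself is built.
    if [ "$(cfg_state "$cfg" IPV6)" != n ] &&
       [ "$(cfg_state "$cfg" NF_LOG_IPV6)" = n ]; then
        missing="${missing:+$missing }NF_LOG_IPV6"
    fi
    if [ -n "$missing" ]; then
        echo "LOG target enabled without protocol logger(s): $missing"
        return 2
    fi
    echo "LOG target and protocol loggers enabled"
    return 0
}

# Constructed sample: a config that the relaxed dependency would allow.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_IPV6=y
CONFIG_NETFILTER_XT_TARGET_LOG=m
# CONFIG_NF_LOG_IPV4 is not set
CONFIG_NF_LOG_IPV6=m
EOF
check_log_target "$sample" || true
rm -f "$sample"
```

Run it against the `.config` produced by `make oldconfig` and treat a non-zero return as a reason to stop before installing the kernel.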