On Fri, Aug 22, 2014 at 08:01:12PM +0200, Pablo Neira Ayuso wrote: > On Thu, Aug 21, 2014 at 12:49:33PM +0200, Rafał Miłecki wrote: > > Few days ago I updated my 3.16 to 3.17-rc1 (both self compiled) and I > > was using it until I noticed my machine doesn't respond to pings. I > > rebooted to 3.16 and it was working again. > > > > I bisected between 3.16 and 3.17-rc1 but it has failed. After all I > > got 3.16 not working anymore as well. > > > > It took me few hours to find the one to blame: > > CONFIG_NETFILTER_XT_TARGET_LOG. After moving my config from 3.16 to > > 3.17-rc1 CONFIG_NETFILTER_XT_TARGET_LOG got disabled because of two > > new dependencies: NF_LOG_IPV4 && NF_LOG_IPV6. > > > > It would be nice if you could try to use "select" instead of "depends > > on" in such cases in the future. I bet fix my problem would be trivial > > since the beginning, but end-users may spent hours or days tracking > > such things :( > > Sorry for that Kconfig problem. Please, have a look at the attached > patch and confirm that it fixes the problem. At quick glance I think > it's safe to use select in this case. I'm just looking at this again. We cannot select NF_LOG_IPV6. This is going to break if IPV6 is not enabled. I can just relax this to avoid the dependency with NF_LOG_IPV4 and NF_LOG_IPV6 so CONFIG_NETFILTER_XT_TARGET_LOG will be still selected if not NF_LOG_IP* is set (see patch attached). However, those new modules are really required to get this working, if they are not present, iptables ... -j LOG will fail with -ENOENT since the protocol logger won't be available.
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 05eb177..9b57bc0 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -747,7 +747,6 @@ config NETFILTER_XT_TARGET_LED config NETFILTER_XT_TARGET_LOG tristate "LOG target support" - depends on NF_LOG_IPV4 && NF_LOG_IPV6 default m if NETFILTER_ADVANCED=n help This option adds a `LOG' target, which allows you to create rules in
