On Thu, 2014-09-04 at 09:20 +0200, Pablo Neira Ayuso wrote:
> We never had so far a way to enable/disable the xt_nat targets from
> Kconfig, before this patch that was controled by CONFIG_NF_NAT which
> is a global switch to enable/disable NAT.
>
> With that patch, the idea is that users still get the {S,D}NAT target
> if the IPv4/IPv6 iptables NAT tables are enabled (thus the two select
> statements) when jumping from old kernel config to new ones.
>
> I can introduce a new explicit switch for NETFILTER_XT_NAT in Kconfig
> for this if you consider that less confusing, it's something we didn't
> have so far though. Please, let me know if I'm overlooking something
> incorrect, thanks.
My point was that you probably need to add a Kconfig entry for
NETFILTER_XT_NAT. Because now, at least in next-21040903, the two select
statements are NOPs and xt_nat.o will never be build because
CONFIG_NETFILTER_XT_NAT will never be set:
$ git grep NETFILTER_XT_NAT next-20140903
next-20140903:net/ipv4/netfilter/Kconfig: select NETFILTER_XT_NAT
next-20140903:net/ipv6/netfilter/Kconfig: select NETFILTER_XT_NAT
next-20140903:net/netfilter/Makefile:obj-$(CONFIG_NETFILTER_XT_NAT) += xt_nat.o
Perhaps that Kconfig entry get dropped while resolving a merge conflict,
somewhere.
Paul Bolle
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
