On Wed, Apr 29, 2015 at 02:53:58PM -0700, Cong Wang wrote: > On Wed, Apr 29, 2015 at 11:53 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > diff --git a/net/sched/Kconfig b/net/sched/Kconfig > > index 2274e72..23b57da 100644 > > --- a/net/sched/Kconfig > > +++ b/net/sched/Kconfig > > @@ -312,6 +312,7 @@ config NET_SCH_PIE > > config NET_SCH_INGRESS > > tristate "Ingress Qdisc" > > depends on NET_CLS_ACT > > + select NETFILTER_INGRESS > > ---help--- > > Say Y here if you want to use classifiers for incoming packets. > > If unsure, say Y. > > > So now it impossible to compile ingress Qdics without netfilters... > > (I know you moved them into net/core/, but still they are netfilter API's.) This is only one single file that only contains the very basic hook infrastructure, this does not depend on the layer 3. > Why do we have to mix different layers? IOW, why not just keep TC at L2 > and netfilters at L3 even just w.r.t. API? I think that used to be true in the iptables days... The nftables infrastructure is flexible and extensible enough to satisfy the needs of other network layers. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
