On Fri, May 29, 2015 at 08:19:35AM +0200, Jan Engelhardt wrote: > On Friday 2015-05-29 01:44, Pablo Neira Ayuso wrote: > > >Useful to compile-test all options. > > > >--- a/net/netfilter/Kconfig > >+++ b/net/netfilter/Kconfig > >@@ -3,6 +3,7 @@ menu "Core Netfilter Configuration" > > > > config NETFILTER_INGRESS > > bool "Netfilter ingress support" > >+ default y > > select NET_INGRESS > > help > > This allows you to classify packets from ingress using the Netfilter > > Careful with default y. I seem to remember that someone higher up > (perhaps Linus himself) was against "default y" for features deemed > not essential (especially hardware drivers), as no driver is any > more important than another. If "compile-test" is your reason for the > patch, it might fall into the same category. This config option is hiding behind the global CONFIG_NETFILTER switch that, if enabled, gets the very basic hook infrastructure, and this ingress hook falls into that category. I agree this makes sense for hardware drivers, but this is not the case. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
