On Mon, Jul 06, 2015 at 11:41:13PM +0200, Florian Westphal wrote:
> Bernhard Thaler <bernhard.thaler@xxxxxxxx> wrote:
[...]
> > > Might also make sense to not create the sysctl and sysfs entry in the
> > > first place if no ip6tables is available.
> >
> > Totally agree, it would be the best solution.
> >
> > My idea was that I do not know how admins and their existing scripts
> > react if sysctl and sysfs entry are gone entirely...and if everybody
> > assumes the default is 0 if these entries do not exist.
> >
> > But scripts that do not check the return code of their write operations
> > on the sysctl and sysfs may not check for the existence of these entries
> > either...
>
> Yes, that's the problem, a script checking the errors would break as
> well.
>
> Fortunately it's not really important since this only affects custom
> kernel builds.

Right. I think it would be good to have that patch to disable the /proc
interface when CONFIG_IPV6 is not built.

Would you please send us that patch Bernhard?

> > A message in dmesg log explaining that ip6tables sysctl and sysfs
> > entries are not exposed due to CONFIG_IPV6=n (and/or IP6_NF_IPTABLES)
> > may be more helpful to understand what is going on.
>
> Hmm, not sure if there is any point in doing that.
> We don't do that in other cases either, the assumption is that if you
> build your own kernels you better know what you're doing (also, in this
> case ip6tables doesn't work either which is hopefully the right clue...)

Agreed.
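An added example, not part of the thread: a POSIX shell helper for the kind of admin script discussed above, which tells apart a missing entry, a failed write and a verified write instead of ignoring the result. The paths are the standard locations of the bridge ip6tables sysctl and per-bridge sysfs entries; `BRIDGE_ROOT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. BRIDGE_ROOT is a hypothetical prefix
# (empty = real filesystem) so the logic can be run on a constructed tree.

# write_knob FILE VALUE
#   0 = value written and read back
#   1 = write or read-back failed
#   2 = entry is not exposed by this kernel
write_knob() {
    [ -e "$1" ] || return 2
    { printf '%s\n' "$2" > "$1"; } 2>/dev/null || return 1
    [ "$(cat "$1" 2>/dev/null)" = "$2" ] || return 1
    return 0
}

# set_bridge_ip6tables VALUE [BRIDGE]
# Writes the global sysctl and, if BRIDGE is given, the per-bridge sysfs entry.
# Prints one status line per entry and returns the worst status seen
# (1 failed outranks 2 absent, which outranks 0 ok).
set_bridge_ip6tables() {
    value=$1
    bridge=${2:-}
    worst=0
    set -- "${BRIDGE_ROOT:-}/proc/sys/net/bridge/bridge-nf-call-ip6tables"
    if [ -n "$bridge" ]; then
        set -- "$@" "${BRIDGE_ROOT:-}/sys/class/net/$bridge/bridge/nf_call_ip6tables"
    fi
    for knob in "$@"; do
        rc=0
        write_knob "$knob" "$value" || rc=$?
        case $rc in
            0) echo "ok: $knob = $value" ;;
            2) echo "absent: $knob (entry not exposed by this kernel)" ;;
            *) echo "FAILED: $knob" >&2 ;;
        esac
        if [ "$rc" -eq 1 ]; then
            worst=1
        elif [ "$rc" -eq 2 ] && [ "$worst" -eq 0 ]; then
            worst=2
        fi
    done
    return "$worst"
}
```

Call it as `set_bridge_ip6tables 0 br0` and branch on the return status, so an absent entry is handled as a distinct case rather than as a silent success or a generic error.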