On Mon, Jun 18, 2018 at 03:12:51PM +0200, Máté Eckl wrote: > - NFT_SOCKET selected NF_SOCKET based on the wrong criterion. > IPV6 itself does not guarantee that ipv6 functionality is available in nft. > - NETFILTER_XT_MATCH_SOCKET now selects NF_SOCKET > NF_SOCKET is not good for anything alone, so dependency is inapproproiate. > > Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx> > --- > net/netfilter/Kconfig | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig > index dbd7d1fad277..8abcefb8b418 100644 > --- a/net/netfilter/Kconfig > +++ b/net/netfilter/Kconfig > @@ -626,7 +626,7 @@ config NFT_SOCKET > tristate "Netfilter nf_tables socket match support" > depends on IPV6 || IPV6=n > select NF_SOCKET_IPV4 > - select NF_SOCKET_IPV6 if IPV6 > + select NF_SOCKET_IPV6 if NF_TABLES_IPV6 Are you sure this is needed? I mean, I can see other spots in net/netfilter/Kconfig following the same approach. Can you find a .config combination that can really result in a real problem? I understand your motivation is clarify rather than actually fixing up anything. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
