On Thu, Jun 28, 2018 at 12:05:17PM +0200, Pablo Neira Ayuso wrote: > On Wed, Jun 27, 2018 at 11:58:29PM +0200, Florian Westphal wrote: > > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > On Mon, Jun 18, 2018 at 03:12:51PM +0200, Máté Eckl wrote: > > > > - NFT_SOCKET selected NF_SOCKET based on the wrong criterion. > > > > IPV6 itself does not guarantee that ipv6 functionality is available in nft. > > > > - NETFILTER_XT_MATCH_SOCKET now selects NF_SOCKET > > > > NF_SOCKET is not good for anything alone, so dependency is inapproproiate. > > Probably we can remove NF_SOCKET description too, so this is not > shown. I mean, now that we'll go for "select". Earlier someone said, that if there is no help message, it will not appear in menuconfig and other configuration tools. But it still does, it only says that there is no help for it. In this case, I would keep help text or really make this (and nf_tproxy_ipv4/6) disappear. > > > > Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx> > > > > --- > > > > net/netfilter/Kconfig | 6 +++--- > > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig > > > > index dbd7d1fad277..8abcefb8b418 100644 > > > > --- a/net/netfilter/Kconfig > > > > +++ b/net/netfilter/Kconfig > > > > @@ -626,7 +626,7 @@ config NFT_SOCKET > > > > tristate "Netfilter nf_tables socket match support" > > > > depends on IPV6 || IPV6=n > > > > select NF_SOCKET_IPV4 > > > > - select NF_SOCKET_IPV6 if IPV6 > > > > + select NF_SOCKET_IPV6 if NF_TABLES_IPV6 > > > > > > Are you sure this is needed? I mean, I can see other spots in > > > net/netfilter/Kconfig following the same approach. > > > > Its not needed but its a good idea. > > No point in autoselecting NF_SOCKET_IPV6 in case there is no ipv6 > > nftables support. > > Thanks for explaining. > > Then, we can probably switch other "if IPV6" dependencies in the > Kconfig file I think, in a single patch. > > Probably this can be done in two separated patches? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
