On Fri, Jul 20, 2018 at 11:13:37PM +0200, Harsha Sharma wrote:
> On Fri, Jul 20, 2018 at 3:21 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > On Thu, Jul 19, 2018 at 03:10:14PM +0200, Harsha Sharma wrote:
> >> On Thu, Jul 19, 2018 at 2:33 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > [...]
> >> >> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> >> >> index 3f211e1025c1..c1cf24b6db96 100644
> >> >> --- a/net/netfilter/nf_tables_api.c
> >> >> +++ b/net/netfilter/nf_tables_api.c
> >> >> @@ -7152,6 +7152,10 @@ static int __net_init nf_tables_init_net(struct net *net)
> >> >> {
> >> >> INIT_LIST_HEAD(&net->nft.tables);
> >> >> INIT_LIST_HEAD(&net->nft.commit_list);
> >> >> +
> >> >> +#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
> >> >
> >> > Probably better:
> >> >
> >> > #if IS_ENABLED(CONFIG_NF_CONNTRACK_TIMEOUT)
> >>
> >> CONFIG_NF_CT_NETLINK_TIMEOUT is required for struct
> >> nf_conntrack_l4proto to have a member struct ctnl_timeout.
> >
> > No. A structure definition doesn't create a dependency that would
> > break things.
> >
> > You just have to include the header file and use it, that's all.
>
> With CONFIG_NF_CT_NETLINK_TIMEOUT = n and CONFIG_NF_CONNTRACK_TIMEOUT
> = y, it doesn't compile properly if I change it to
> IS_ENABLED(CONFIG_NF_CONNTRACK_TIMEOUT) in nft_ct.c with error "‘const
> struct nf_conntrack_l4proto’ has no member named ‘ctnl_timeout’".
> Do you still want me to change it here ?

Leave it as it is, we can revisit this later.

Address other feedback in this patch. Specifically, you have to add
net->nft.cttimeout_list, that's an important change. Otherwise, we'll
have problems mixing iptables with nftables.

Thanks Harsha.
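
Review bot: the `#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)` added at the end of the quoted nf_tables_init_net() hunk puts a preprocessor conditional inside the function body, directly after the two unconditional INIT_LIST_HEAD() calls, and the guarded statement and its #endif are cut off in the quote. Kernel coding style prefers keeping such conditionals out of .c function bodies, so consider initialising the new per-netns member unconditionally like nft.tables and nft.commit_list, or moving the guarded part into a small helper that becomes an empty inline stub when the option is off. Whichever config symbol is kept, the same one needs to guard the member's declaration and every user of it, so that a build with only one of the two timeout options enabled still compiles.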