Re: [PATCH net-next 10/32] netfilter: flowtable: remove ipv4/ipv6 modules

[Geert Uytterhoeven <geert@xxxxxxxxxxxxxx>]

	Hi Pablo, Florian,

On Mon, 10 Jan 2022, Pablo Neira Ayuso wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
>
> Just place the structs and registration in the inet module.
> nf_flow_table_ipv6, nf_flow_table_ipv4 and nf_flow_table_inet share
> same module dependencies: nf_flow_table, nf_tables.
>
> before:
>   text	   data	    bss	    dec	    hex	filename
>   2278	   1480	      0	   3758	    eae	nf_flow_table_inet.ko
>   1159	   1352	      0	   2511	    9cf	nf_flow_table_ipv6.ko
>   1154	   1352	      0	   2506	    9ca	nf_flow_table_ipv4.ko
>
> after:
>   2369	   1672	      0	   4041	    fc9	nf_flow_table_inet.ko
>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

Thanks for your patch, which is now commit c42ba4290b2147aa
("netfilter: flowtable: remove ipv4/ipv6 modules") upstream.

> --- a/net/ipv4/netfilter/Kconfig
> +++ b/net/ipv4/netfilter/Kconfig
> @@ -59,12 +59,8 @@ config NF_TABLES_ARP
> endif # NF_TABLES
>
> config NF_FLOW_TABLE_IPV4
> -	tristate "Netfilter flow table IPv4 module"
> -	depends on NF_FLOW_TABLE
> -	help
> -	  This option adds the flow table IPv4 support.
> -
> -	  To compile it as a module, choose M here.
> +	tristate
> +	select NF_FLOW_TABLE_INET

What is the point in keeping this symbol? It is invisble, selected
by nothing (so it can no longer be enabled), and its last user is
removed below.
Is there a mistake, or should this symbol just be removed?

> config NF_DUP_IPV4
> 	tristate "Netfilter IPv4 packet duplication to alternate destination"

> --- a/net/ipv4/netfilter/Makefile
> +++ b/net/ipv4/netfilter/Makefile
> @@ -24,9 +24,6 @@ obj-$(CONFIG_NFT_REJECT_IPV4) += nft_reject_ipv4.o
>  obj-$(CONFIG_NFT_FIB_IPV4) += nft_fib_ipv4.o
>  obj-$(CONFIG_NFT_DUP_IPV4) += nft_dup_ipv4.o
>
> -# flow table support
> -obj-$(CONFIG_NF_FLOW_TABLE_IPV4) += nf_flow_table_ipv4.o
> -
>  # generic IP tables
>  obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o

> --- a/net/ipv6/netfilter/Kconfig
> +++ b/net/ipv6/netfilter/Kconfig
> @@ -48,12 +48,8 @@ endif # NF_TABLES_IPV6
> endif # NF_TABLES
>
> config NF_FLOW_TABLE_IPV6
> -	tristate "Netfilter flow table IPv6 module"
> -	depends on NF_FLOW_TABLE
> -	help
> -	  This option adds the flow table IPv6 support.
> -
> -	  To compile it as a module, choose M here.
> +	tristate
> +	select NF_FLOW_TABLE_INET

Likewise, except that its last user was not removed:

    net/ipv6/netfilter/Makefile:obj-$(CONFIG_NF_FLOW_TABLE_IPV6) += nf_flow_table_ipv6.o

> config NF_DUP_IPV6
> 	tristate "Netfilter IPv6 packet duplication to alternate destination"

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds