On Sun, 13 Dec 2015, Jan Engelhardt wrote:
> On Sunday 2015-12-13 01:32, Dâniel Fraga wrote:
>
> >On Sun, 13 Dec 2015 01:30:17 +0100 (CET)
> >Jan Engelhardt <jengelh@xxxxxxx> wrote:
> >
> >> nf_conntrack_ipv4 is indeed autoloaded (provided modprobe can do it)
> >> when you cause instantiation of a xt_conntrack (or xt_state) rule
> >> object through ip(4)tables. And if modprobe cannot satisfy the
> >> request, that feeds back through the kernel and to iptables, which
> >> may then report it to stderr.
> >
> > No, I mean selected in the "make menuconfig" ;) If the user
> >chooses to compile state module, menuconfig won't select automatically
> >nf_conntrack_ipv4 (and it should, since it depends on it).
>
> There is nothing to add to Kconfig, because there is no build-time
> dependency here. In addition, some people might get grumpy if the
> CONFIG_NETFILTER_XT_MATCH_CONNTRACK gained a dependency on something it
> does not depend on at runtime in 100% of cases.
But the reversed dependency is what seems to be missing, something like
this:
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index a355841..a1dfd23 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -12,6 +12,7 @@ config NF_DEFRAG_IPV4
config NF_CONNTRACK_IPV4
tristate "IPv4 connection tracking support (required for NAT)"
depends on NF_CONNTRACK
+ default NETFILTER_XT_MATCH_CONNTRACK
default m if NETFILTER_ADVANCED=n
select NF_DEFRAG_IPV4
---help---
Best regards,
Jozsef
-
E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
