From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: Bernhard Thaler <bernhard.thaler@wvnet.at>,
kadlec@blackhole.kfki.hu, netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n
Date: Wed, 15 Jul 2015 19:47:02 +0200 [thread overview]
Message-ID: <20150715174702.GA7407@salvia> (raw)
In-Reply-To: <20150706214113.GG16864@breakpoint.cc>
On Mon, Jul 06, 2015 at 11:41:13PM +0200, Florian Westphal wrote:
> Bernhard Thaler <bernhard.thaler@wvnet.at> wrote:
[...]
> > > Might also make sense to not create the sysctl and sysfs entry in the
> > > first place if no ip6tables is available.
> >
> > Totally agree, it would be the best solution.
> >
> > My idea was that I do not know how admins and their existing scripts
> > react if sysctl and sysfs entry are gone entirely...and if everybody
> > assumes the default is 0 if these entry do not exist.
> >
> > But scripts that do not check the return code of their write operations
> > on the sysctl and sysfs may not check for the existance of these entries
> > either...
>
> Yes, thats the problem, a script checking the errors would break as
> well.
>
> Fortunately its not really important since this only affects custom
> kernel builds.
Right. I think it would be good to have that patch to disable the
/proc interface when CONFIG_IPV6 is not built.
Would you please send us that patch Bernhard?
> > A message in dmesg log explaining that ip6tables sysctl and sysfs
> > entries are not exposed due to CONFIG_IPV6=n (and/or IP6_NF_IPTABLES)
> > may be more helpful to understand what is going on.
>
> Hmm, not sure if there is any point in doing that.
> We don't do that in other cases either, the assumotion is that if you
> build your own kernels you better know what you're doing (also, in this
> case ip6tables doesn't work either which is hopefully the right clue...)
Agreed.
next prev parent reply other threads:[~2015-07-15 17:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-05 21:15 [RFC PATCH nf] netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n Bernhard Thaler
2015-07-05 21:53 ` Florian Westphal
2015-07-06 21:00 ` Bernhard Thaler
2015-07-06 21:41 ` Florian Westphal
2015-07-15 17:47 ` Pablo Neira Ayuso [this message]
2015-07-16 0:34 ` [PATCHv2 " Bernhard Thaler
2015-07-16 11:17 ` Pablo Neira Ayuso
2015-07-17 23:37 ` Bernhard Thaler
2015-07-20 13:18 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150715174702.GA7407@salvia \
--to=pablo@netfilter.org \
--cc=bernhard.thaler@wvnet.at \
--cc=fw@strlen.de \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.