From: Jakub Kicinski <kuba@kernel.org>
To: Breno Leitao <leitao@debian.org>
Cc: fw@strlen.de, davem@davemloft.net, edumazet@google.com,
pabeni@redhat.com, rbc@meta.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH nf-next v2 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable
Date: Sat, 24 Aug 2024 10:37:56 -0700 [thread overview]
Message-ID: <20240824103756.4fb39abc@kernel.org> (raw)
In-Reply-To: <20240823174855.3052334-1-leitao@debian.org>
On Fri, 23 Aug 2024 10:48:51 -0700 Breno Leitao wrote:
> These two patches make IP_NF_IPTABLES_LEGACY and IP6_NF_IPTABLES_LEGACY
> Kconfigs user selectable, avoiding creating an extra dependency by
> enabling some other config that would select IP{6}_NF_IPTABLES_LEGACY.
Resulting config in CI still differs quite a bit:
--- config.1 2024-08-23 14:19:10.000000000 -0700
+++ config 2024-08-24 05:18:52.000000000 -0700
@@ -1246,7 +1246,7 @@ CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
# CONFIG_NETFILTER_XT_TARGET_CT is not set
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
-CONFIG_NETFILTER_XT_TARGET_HL=m
+# CONFIG_NETFILTER_XT_TARGET_HL is not set
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
# CONFIG_NETFILTER_XT_TARGET_LED is not set
@@ -1333,22 +1333,21 @@ CONFIG_NF_TABLES_IPV4=y
# CONFIG_NF_DUP_IPV4 is not set
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
-CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_REJECT_IPV4=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_ECN is not set
CONFIG_IP_NF_MATCH_RPFILTER=m
# CONFIG_IP_NF_MATCH_TTL is not set
-CONFIG_IP_NF_FILTER=m
-CONFIG_IP_NF_TARGET_REJECT=m
+# CONFIG_IP_NF_FILTER is not set
+# CONFIG_IP_NF_TARGET_REJECT is not set
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
CONFIG_IP_NF_NAT=m
-CONFIG_IP_NF_TARGET_MASQUERADE=m
+# CONFIG_IP_NF_TARGET_MASQUERADE is not set
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_REDIRECT is not set
-CONFIG_IP_NF_MANGLE=m
+# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_TARGET_ECN is not set
-CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_ARPFILTER is not set
# end of IP: Netfilter Configuration
@@ -1363,7 +1362,7 @@ CONFIG_NF_TABLES_IPV6=y
# CONFIG_NFT_DUP_IPV6 is not set
# CONFIG_NFT_FIB_IPV6 is not set
# CONFIG_NF_DUP_IPV6 is not set
-CONFIG_NF_REJECT_IPV6=y
+CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
# CONFIG_IP6_NF_MATCH_AH is not set
@@ -1376,11 +1375,10 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
# CONFIG_IP6_NF_MATCH_RT is not set
# CONFIG_IP6_NF_MATCH_SRH is not set
-# CONFIG_IP6_NF_TARGET_HL is not set
-CONFIG_IP6_NF_FILTER=m
-CONFIG_IP6_NF_TARGET_REJECT=m
+# CONFIG_IP6_NF_FILTER is not set
+# CONFIG_IP6_NF_TARGET_REJECT is not set
# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
-CONFIG_IP6_NF_MANGLE=m
+# CONFIG_IP6_NF_MANGLE is not set
CONFIG_IP6_NF_RAW=m
CONFIG_IP6_NF_NAT=m
# CONFIG_IP6_NF_TARGET_MASQUERADE is not set
--
pw-bot: cr
next prev parent reply other threads:[~2024-08-24 17:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-23 17:48 [PATCH nf-next v2 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable Breno Leitao
2024-08-23 17:48 ` [PATCH nf-next v2 1/2] " Breno Leitao
2024-08-23 17:48 ` [PATCH nf-next v2 2/2] netfilter: Make IP6_NF_IPTABLES_LEGACY selectable Breno Leitao
2024-08-24 17:37 ` Jakub Kicinski [this message]
2024-08-27 14:31 ` [PATCH nf-next v2 0/2] netfilter: Make IP_NF_IPTABLES_LEGACY selectable Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240824103756.4fb39abc@kernel.org \
--to=kuba@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=leitao@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=rbc@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.