From: Patrick McHardy <kaber@trash.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: KOVACS Krisztian <hidden@balabit.hu>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
Balazs Scheidler <bazsi@balabit.hu>,
David Miller <davem@davemloft.net>
Subject: Re: [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module
Date: Mon, 25 Oct 2010 22:42:48 +0200 [thread overview]
Message-ID: <4CC5EBC8.9000701@trash.net> (raw)
In-Reply-To: <1288001640.2826.96.camel@edumazet-laptop>
Am 25.10.2010 12:14, schrieb Eric Dumazet:
> Le lundi 25 octobre 2010 à 11:38 +0200, KOVACS Krisztian a écrit :
>> Hi,
>>
>> On Fri, 2010-10-22 at 00:19 +0200, Eric Dumazet wrote:
>>> Le jeudi 21 octobre 2010 à 16:04 +0200, Patrick McHardy a écrit :
>>>> Am 21.10.2010 13:43, schrieb KOVACS Krisztian:
>>>>> tproxy: split off ipv6 defragmentation to a separate module
>>>>>
>>>>> Like with IPv4, TProxy needs IPv6 defragmentation but does not
>>>>> require connection tracking. Since defragmentation was coupled
>>>>> with conntrack, I split off the two, creating an nf_defrag_ipv6 module,
>>>>> similar to the already existing nf_defrag_ipv4.
>>>>
>>>> Applied, thanks.
>>>
>>> Hmm...
>>>
>>> CONFIG_IPV6=m
>>> CONFIG_NETFILTER_TPROXY=m
>>>
>>>
>>> MODPOST 201 modules
>>> ERROR: "nf_defrag_ipv6_enable" [net/netfilter/xt_TPROXY.ko] undefined!
>>> ERROR: "ipv6_find_hdr" [net/netfilter/xt_TPROXY.ko] undefined!
>>>
>>> Sorry, it's late here, I wont fix this ;)
>>
>> Oops, I guess this is because you do have IPv6 support but don't have
>> ip6tables enabled in your config. Does the patch below fix the issue for
>> you? (For me it now compiles with and without IPv6 conntrack, ip6tables
>> and IPv6 support, too.)
>>
>>
>
> I had ip6tables enabled, but not CONFIG_NF_CONNTRACK_IPV6 ;)
>
>>
>> netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY
>>
>> One of the previous tproxy related patches split IPv6 defragmentation and
>> connection tracking, but did not correctly add Kconfig stanzas to handle the
>> new dependencies correctly. This patch fixes that by making the config options
>> mirror the setup we have for IPv4: a distinct config option for defragmentation
>> that is automatically selected by both connection tracking and
>> xt_TPROXY/xt_socket.
>>
>> The patch also changes the #ifdefs enclosing IPv6 specific code in xt_socket
>> and xt_TPROXY: we only compile these in case we have ip6tables support enabled.
>>
>> Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
>
> Reported-and-tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Dave, please apply directly. Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-10-25 20:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-21 10:47 [PATCH v2 0/9] tproxy: add IPv6 support KOVACS Krisztian
2010-10-21 10:47 ` [PATCH v2 2/9] tproxy: added const specifiers to udp lookup functions KOVACS Krisztian
2010-10-21 14:05 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled KOVACS Krisztian
2010-10-21 14:11 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module KOVACS Krisztian
2010-10-21 11:30 ` Patrick McHardy
2010-10-21 11:43 ` KOVACS Krisztian
2010-10-21 14:04 ` Patrick McHardy
2010-10-21 22:19 ` Eric Dumazet
2010-10-25 9:38 ` KOVACS Krisztian
2010-10-25 10:14 ` Eric Dumazet
2010-10-25 20:42 ` Patrick McHardy [this message]
2010-10-25 20:54 ` David Miller
2010-10-21 10:47 ` [PATCH v2 3/9] tproxy: added udp6_lib_lookup function KOVACS Krisztian
2010-10-21 14:06 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer KOVACS Krisztian
2010-10-21 14:09 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 6/9] tproxy: added IPv6 socket lookup function to nf_tproxy_core KOVACS Krisztian
2010-10-21 14:12 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 7/9] tproxy: added IPv6 support to the TPROXY target KOVACS Krisztian
2010-10-21 14:17 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 8/9] tproxy: added IPv6 support to the socket match KOVACS Krisztian
2010-10-21 14:20 ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 9/9] tproxy: use the interface primary IP address as a default value for --on-ip KOVACS Krisztian
2010-10-21 14:21 ` Patrick McHardy
2010-10-21 14:26 ` Amos Jeffries
2010-10-21 14:48 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CC5EBC8.9000701@trash.net \
--to=kaber@trash.net \
--cc=bazsi@balabit.hu \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=hidden@balabit.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.