From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Randy Dunlap <rdunlap@xenotime.net>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
linux-next@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
netfilter-devel@vger.kernel.org
Subject: Re: linux-next: Tree for Sept 18 (netfilter)
Date: Tue, 18 Sep 2012 21:13:55 +0200 [thread overview]
Message-ID: <20120918191355.GA661@1984> (raw)
In-Reply-To: <5058A8A7.7000604@xenotime.net>
[-- Attachment #1: Type: text/plain, Size: 588 bytes --]
On Tue, Sep 18, 2012 at 10:00:23AM -0700, Randy Dunlap wrote:
> On 09/17/2012 11:37 PM, Stephen Rothwell wrote:
>
> > Hi all,
> >
> > Changes since 201209017:
> >
>
> on x86_64:
>
> ERROR: "ip6t_do_table" [net/ipv6/netfilter/ip6table_nat.ko] undefined!
> ERROR: "ip6t_register_table" [net/ipv6/netfilter/ip6table_nat.ko] undefined!
> ERROR: "ip6t_alloc_initial_table" [net/ipv6/netfilter/ip6table_nat.ko] undefined!
> ERROR: "ip6t_unregister_table" [net/ipv6/netfilter/ip6table_nat.ko] undefined!
>
>
> Full randconfig file is attached.
This should fix it. Thanks for the report.
[-- Attachment #2: 0001-netfilter-fix-IPv6-NAT-dependencies-in-Kconfig.patch --]
[-- Type: text/x-diff, Size: 5464 bytes --]
>From 78c2b7d8b8978e77fde5b11b3f27a0cd1031fe94 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 18 Sep 2012 21:03:39 +0200
Subject: [PATCH] netfilter: fix IPv6 NAT dependencies in Kconfig
* NF_NAT_IPV6 requires IP6_NF_IPTABLES
* IP6_NF_TARGET_MASQUERADE, IP6_NF_TARGET_NETMAP, IP6_NF_TARGET_REDIRECT
and IP6_NF_TARGET_NPT require NF_NAT_IPV6.
This change just mirrors what IPv4 does in Kconfig, for consistency.
Reported-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv6/netfilter/Kconfig | 110 ++++++++++++++++++++++----------------------
1 file changed, 55 insertions(+), 55 deletions(-)
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 3b73254..d8f276b 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -25,18 +25,6 @@ config NF_CONNTRACK_IPV6
To compile it as a module, choose M here. If unsure, say N.
-config NF_NAT_IPV6
- tristate "IPv6 NAT"
- depends on NF_CONNTRACK_IPV6
- depends on NETFILTER_ADVANCED
- select NF_NAT
- help
- The IPv6 NAT option allows masquerading, port forwarding and other
- forms of full Network Address Port Translation. It is controlled by
- the `nat' table in ip6tables, see the man page for ip6tables(8).
-
- To compile it as a module, choose M here. If unsure, say N.
-
config IP6_NF_IPTABLES
tristate "IP6 tables support (required for filtering)"
depends on INET && IPV6
@@ -144,48 +132,6 @@ config IP6_NF_TARGET_HL
(e.g. when running oldconfig). It selects
CONFIG_NETFILTER_XT_TARGET_HL.
-config IP6_NF_TARGET_MASQUERADE
- tristate "MASQUERADE target support"
- depends on NF_NAT_IPV6
- help
- Masquerading is a special case of NAT: all outgoing connections are
- changed to seem to come from a particular interface's address, and
- if the interface goes down, those connections are lost. This is
- only useful for dialup accounts with dynamic IP address (ie. your IP
- address will be different on next dialup).
-
- To compile it as a module, choose M here. If unsure, say N.
-
-config IP6_NF_TARGET_NETMAP
- tristate "NETMAP target support"
- depends on NF_NAT_IPV6
- help
- NETMAP is an implementation of static 1:1 NAT mapping of network
- addresses. It maps the network address part, while keeping the host
- address part intact.
-
- To compile it as a module, choose M here. If unsure, say N.
-
-config IP6_NF_TARGET_REDIRECT
- tristate "REDIRECT target support"
- depends on NF_NAT_IPV6
- help
- REDIRECT is a special case of NAT: all incoming connections are
- mapped onto the incoming interface's address, causing the packets to
- come to the local machine instead of passing through. This is
- useful for transparent proxies.
-
- To compile it as a module, choose M here. If unsure, say N.
-
-config IP6_NF_TARGET_NPT
- tristate "NPT (Network Prefix translation) target support"
- depends on NETFILTER_ADVANCED
- help
- This option adds the `SNPT' and `DNPT' target, which perform
- stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296.
-
- To compile it as a module, choose M here. If unsure, say N.
-
config IP6_NF_FILTER
tristate "Packet filtering"
default m if NETFILTER_ADVANCED=n
@@ -235,9 +181,63 @@ config IP6_NF_SECURITY
help
This option adds a `security' table to iptables, for use
with Mandatory Access Control (MAC) policy.
-
+
If unsure, say N.
+config NF_NAT_IPV6
+ tristate "IPv6 NAT"
+ depends on NF_CONNTRACK_IPV6
+ depends on NETFILTER_ADVANCED
+ select NF_NAT
+ help
+ The IPv6 NAT option allows masquerading, port forwarding and other
+ forms of full Network Address Port Translation. It is controlled by
+ the `nat' table in ip6tables, see the man page for ip6tables(8).
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+if NF_NAT_IPV6
+
+config IP6_NF_TARGET_MASQUERADE
+ tristate "MASQUERADE target support"
+ help
+ Masquerading is a special case of NAT: all outgoing connections are
+ changed to seem to come from a particular interface's address, and
+ if the interface goes down, those connections are lost. This is
+ only useful for dialup accounts with dynamic IP address (ie. your IP
+ address will be different on next dialup).
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config IP6_NF_TARGET_NETMAP
+ tristate "NETMAP target support"
+ help
+ NETMAP is an implementation of static 1:1 NAT mapping of network
+ addresses. It maps the network address part, while keeping the host
+ address part intact.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config IP6_NF_TARGET_REDIRECT
+ tristate "REDIRECT target support"
+ help
+ REDIRECT is a special case of NAT: all incoming connections are
+ mapped onto the incoming interface's address, causing the packets to
+ come to the local machine instead of passing through. This is
+ useful for transparent proxies.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+config IP6_NF_TARGET_NPT
+ tristate "NPT (Network Prefix translation) target support"
+ help
+ This option adds the `SNPT' and `DNPT' target, which perform
+ stateless IPv6-to-IPv6 Network Prefix Translation per RFC 6296.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
+endif # NF_NAT_IPV6
+
endif # IP6_NF_IPTABLES
endmenu
--
1.7.10.4
prev parent reply other threads:[~2012-09-18 19:14 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20120918163755.0a5e6757d3ae75ecb43373a0@canb.auug.org.au>
2012-09-18 17:00 ` linux-next: Tree for Sept 18 (netfilter) Randy Dunlap
2012-09-18 19:13 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120918191355.GA661@1984 \
--to=pablo@netfilter.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).