[HELP] netfilter Kconfig dependency nightmare

From: Harald Welte
Date: Sat Sep 17 2005 - 03:07:54 EST

Next message: Christoph Hellwig: "Re: I request inclusion of reiser4 in the mainline kernel"
Previous message: Alexey Dobriyan: "ppc64: BPA iommu fails to build (BUILD_BUG_ON)"
Next in thread: Roman Zippel: "Re: [HELP] netfilter Kconfig dependency nightmare"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 16, 2005 at 10:23:15PM -0300, Arnaldo Carvalho de Melo wrote:
> After applying this patch I still get a loop:
>
> [acme@toy net-2.6]$ make O=OUTPUT/oops/ oldconfig | grep Warning
> Warning! Found recursive dependency: IP_NF_CONNTRACK_NETLINK NETFILTER_NETLINK IP_NF_CONNTRACK_NETLINK
> Warning! Found recursive dependency: NETFILTER_NETLINK IP_NF_CONNTRACK_NETLINK NETFILTER_NETLINK NETFILTER_NETLINK_QUEUE
>
> This is using latest Dave tree, the one just before master.kernel.org
> was switched off for moving to Oregon, is there any other patch I should
> apply?

This f!*#$%!#$%ing kconfig dependency is killing me. We have this
incredible inter-dependency between various options, and with every new
feature it's getting more complex. The main reason being to avoid some
bits of dead code in case it's not really needed by some other module.

I'm starting to wonder whether it's really worth saving those few bytes
in some configurations at the expense of this complexity.

Maybe some Kconfig freak can help out. This is the intended dependency
rules:

ip_conntrack == CONFIG_IP_NF_CONNTRACK
nfnetlink == CONFIG_NETFILTER_NETLINK
ip_conntrack_netlink == CONFIG_IP_NF_CONNTRACK_NETLINK

If nfnetlink == N, ip_conntrack can be N or M or Y
If nfnetlink == M, ip_conntrack can be N or M
If nfnetlink == Y, ip_conntrack can be Y or M

If ip_conntrack == N && nfnetlink == N, ip_conntrack_netlink must be N
If ip_conntrack == N && nfnetlink == M, ip_conntrack_netlink must be N
If ip_conntrack == N && nfnetlink == Y, ip_conntrack_netlink must be N

If ip_conntrack == M && nfnetlink == N, ip_conntrack_netlink must be N
If ip_conntrack == M && nfnetlink == M, ip_conntrack_netlink can N or M
If ip_conntrack == M && nfnetlink == Y, ip_conntrack_netlink can N or M

if ip_conntrack == Y && nfnetlink == N, ip_conntrack_netlink must be N
if ip_conntrack == Y && nfnetlink == M, ip_conntrack_netlink can N or M
if ip_conntrack == Y && nfnetlink == Y, ip_conntrack_netlink can N, M or Y

NETfILTER_NETLINK_QUEUE and NETFILTER_NETLINK_LOG only depend on
NETFILER_NETLINK and nothing else.

Cheers,

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Christoph Hellwig: "Re: I request inclusion of reiser4 in the mainline kernel"
Previous message: Alexey Dobriyan: "ppc64: BPA iommu fails to build (BUILD_BUG_ON)"
Next in thread: Roman Zippel: "Re: [HELP] netfilter Kconfig dependency nightmare"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]