Re: linux-next: Tree for Mar 9 (netfilter)

[Pablo Neira Ayuso]

Hi Hans,

On Sun, Mar 11, 2012 at 05:14:01PM +0100, Hans Schillstrom wrote:
> >Perhaps I'm missing anything but either way (IPv6 as module or
> >built-in) the symbol is still defined. With my patch applied, xt_LOG
> >now depends on IP6_NF_IPTABLES, which depends on IPV6.
> >
> >Moreover we've got other xt_ target and matches that contain both IPv4
> >and IPv6 support that don't require this.
> >
> >Let me know.
> 
> if you compile ipv6 as a module and xt_LOG as builtin (=y)  there is a missing ref to  `ip6t_ext_hdr' at link time ...

ip6t_ext_hdr is defined by ip6_tables:

net/ipv6/netfilter/ip6_tables.c:ip6t_ext_hdr(u8 nexthdr)

AFAICS the dependency should rely on CONFIG_IP6_NF_IPTABLES.

An alternative is to define ip6t_ext_hdr as static inline in
include/linux/netfilter_ipv6/ip6_tables.h, it's fairly small and it's
invoked in the typical packet path if this LOG is used.

> What I did was to resolve that issue i.e. force xt_LOG to be a module if ipv6 is a module

Thanks for reporting this.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/