Re: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6

From: Pablo Neira Ayuso
Date: Tue Jul 10 2018 - 06:56:22 EST

Next message: Leon Romanovsky: "Re: [PATCH] ib/mlx4: adjust gfp flags for DMA allocations"
Previous message: Petr Mladek: "Re: INFO: rcu detected stall in llcp_sock_sendmsg"
In reply to: MÃtÃ Eckl: "Re: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6"
Next in thread: MÃtÃ Eckl: "Re: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 10, 2018 at 11:10:40AM +0200, Arnd Bergmann wrote:
> On Tue, Jul 10, 2018 at 10:05 AM, Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> > On Tue, Jul 10, 2018 at 10:02:27AM +0200, Máté Eckl wrote:
> >> On Mon, Jul 09, 2018 at 11:35:09PM +0200, Arnd Bergmann wrote:
> >> > It is now possible to build the nft_socket module as built-in when
> >> > NF_TABLES_IPV6 is disabled, and have NF_SOCKET_IPV6=m set manually.
> >> >
> >> > In this case, the NF_SOCKET_IPV6 functionality will be useless according
> >> > to the explanation in commit 35bf1ccecaaa ("netfilter: Kconfig: Change
> >> > IPv6 select dependencies"), but on top of that it also causes a link
> >> > error:
> >> >
> >> > net/netfilter/nft_socket.o: In function `nft_socket_eval':
> >> > nft_socket.c:(.text+0x162): undefined reference to `nf_sk_lookup_slow_v6'
> >> >
> >> > This changes the compile-time check so we don't attempt to use
> >> > the NF_SOCKET_IPV6 code when it cannot be used, and make it all
> >> > compile again. That may lead to unexpected behavior when a user
> >> > enables NF_SOCKET_IPV6 but cannot use it, but seems to be the
> >> > logical conclusion of the 35bf1ccecaaa change.
> >> >
> >> > Fixes: 35bf1ccecaaa ("netfilter: Kconfig: Change IPv6 select dependencies")
> >> > Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> >>
> >> I think this should be fixed in the Kconfig rather than inside the module(s).
>
> Should we revert your patch then, or do you have a better idea?

Máté, would you resubmit a new patch that addresses all the problems
that Arnd is reporting in one go?

I think it's better if we toss your original patch in the tree and
rebase, ie. take the new one that fixes all issues that Arnd is
reporting. It would be good if we can sort out this before I send the
next pull request for net-next stuff.

I was afraid of fallout like this when I saw your original patch,
kbuild is always tricky.

Please Cc Arnd, Florian and me for review.

Thanks!

Next message: Leon Romanovsky: "Re: [PATCH] ib/mlx4: adjust gfp flags for DMA allocations"
Previous message: Petr Mladek: "Re: INFO: rcu detected stall in llcp_sock_sendmsg"
In reply to: MÃtÃ Eckl: "Re: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6"
Next in thread: MÃtÃ Eckl: "Re: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]