Re: [OpenWrt-Devel] [RFC 26/27] kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code

Thu, 29 Nov 2018 14:47:19 -0800 

On 11/28/18 6:53 AM, Yousong Zhou wrote:
> On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <ha...@hauke-m.de> wrote:
>>
>> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
>> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
>> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed
>> to bool and the code will not be compiled as a own module any more, but
>> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
>> memory.
>>
>> Activate these options as bool in the generic kernel 4.19 configuration
>> only, to always build them into the nf_nat_ipv*.ko modules. The kmod
>> file will still try to select them as module, but the generic
>> configuration will not be overwritten.
>>
>> Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
>> ---
>>  include/netfilter.mk             | 4 ++--
>>  target/linux/generic/config-4.19 | 4 ++--
>>  2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/netfilter.mk b/include/netfilter.mk
>> index 2d232b5f5c..4b9cc20622 100644
>> --- a/include/netfilter.mk
>> +++ b/include/netfilter.mk
>> @@ -187,10 +187,10 @@ $(eval $(call 
>> nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, 
>> $(P_XT)nf_nat_redirect, ge 3.19.0),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, 
>> $(P_V4)nf_nat_ipv4),))
>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, 
>> $(P_V4)nf_nat_masquerade_ipv4),))
>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, 
>> $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),))
>>
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, 
>> $(P_V6)nf_nat_ipv6),))
>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, 
>> $(P_V6)nf_nat_masquerade_ipv6),))
>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, 
>> $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),))
>>
>>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, 
>> $(P_XT)xt_nat),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, 
>> $(P_V4)iptable_nat),))
>> diff --git a/target/linux/generic/config-4.19 
>> b/target/linux/generic/config-4.19
>> index c197f58464..5dec53c0f3 100644
>> --- a/target/linux/generic/config-4.19
>> +++ b/target/linux/generic/config-4.19
>> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y
>>  # CONFIG_NF_NAT_H323 is not set
>>  # CONFIG_NF_NAT_IPV6 is not set
>>  # CONFIG_NF_NAT_IRC is not set
>> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
>> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
>> +CONFIG_NF_NAT_MASQUERADE_IPV4=y
>> +CONFIG_NF_NAT_MASQUERADE_IPV6=y
> 
> The ipv6 config option should be placed into config/Config-kernel.in,
> so that it can depend on the state of CONFIG_KERNEL_IPV6 option.

Hi yousong,

The IPV6 version is only available if CONFIG_IPV6 is selected otherwise
it is not possible to select it:
kernel 4.19:
https://elixir.bootlin.com/linux/v4.19.5/source/net/ipv6/netfilter/Kconfig#L121
kernel 4.9:
https://elixir.bootlin.com/linux/v4.9.141/source/net/ipv6/netfilter/Kconfig#L97

This depends on the kernel version on kernel < 4.18 this should be build
as a module.

Would it be better to add some KConfig options which depend on kernel
4.19 near CONFIG_KERNEL_IPV6 ?

Hauke

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to