OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Kernel
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by n8v8R - 09.05.2020

FS#3083 - [nftables] invalid/obsolete and missing and unset kconf for kernel 5.4

upstream source https://github.com/torvalds/linux/blob/v5.4/net/netfilter/Kconfig#L442 is not matching downstream, in particular it seems that:

  • downstream exhibiting obsolete kconf
CONFIG_NF_TABLES_ARP
CONFIG_NF_TABLES_BRIDGE
  • downstream missing kconf (impeding nft functionality)
NFT_NUMGEN
NFT_CT
NFT_COUNTER
NFT_LOG
NFT_LIMIT
NFT_MASQ
NFT_REDIR
NFT_NAT
NFT_QUEUE
NFT_QUOTA
NFT_REJECT
NFT_REJECT_INET
NFT_COMPAT
NFT_HASH
NFT_FIB_INET
NF_DUP_NETDEV
NFT_DUP_NETDEV
NFT_FWD_NETDEV
  • downstream unset kconf (impeding nft functionality)
NFT_FLOW_OFFLOAD
NFT_CONNLIMIT
NFT_TUNNEL
NFT_OBJREF
NFT_XFRM
NFT_SOCKET
NFT_OSF
NFT_TPROXY
n8v8R commented on 12.06.2020 17:22

Tested with

{"kernel":"5.4.45","hostname":"OpenWrt","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"OpenWrt","version":"SNAPSHOT","revision":"r13552-cd09f26660","target":"mvebu/cortexa9","description":"OpenWrt SNAPSHOT r13552-cd09f26660"}}
—-
* downstream exhibiting obsolete kconf
zcat /proc/config.gz | grep NF_TABLES
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_TABLES_BRIDGE=m

Though only a few bytes for housekeeping purpose should be removed


* downstream missing kconf (impeding nft functionality)

All kconf flags are available.


* downstream unset kconf (impeding nft functionality)
xzgrep -E 'NFT.*set' /proc/config.gz
# CONFIG_NFT_CONNLIMIT is not set
# CONFIG_NFT_TUNNEL is not set
# CONFIG_NFT_QUEUE is not set
# CONFIG_NFT_COMPAT is not set
# CONFIG_NFT_XFRM is not set
# CONFIG_NFT_SOCKET is not set
# CONFIG_NFT_OSF is not set
# CONFIG_NFT_TPROXY is not set
# CONFIG_NFT_SYNPROXY is not set
# CONFIG_NFT_FIB_NETDEV is not set
# CONFIG_NFT_DUP_IPV4 is not set
# CONFIG_NFT_DUP_IPV6 is not set
# CONFIG_NFTL is not set
# CONFIG_INFTL is not set

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing