Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3083 - [nftables] invalid/obsolete and missing and unset kconf for kernel 5.4 #8545

Closed
openwrt-bot opened this issue May 9, 2020 · 1 comment
Labels

Comments

@openwrt-bot
Copy link

n8v8R:

upstream source https://github.com/torvalds/linux/blob/v5.4/net/netfilter/Kconfig#L442 is not matching downstream, in particular it seems that:

  • downstream exhibiting obsolete kconf

CONFIG_NF_TABLES_ARP
CONFIG_NF_TABLES_BRIDGE

  • downstream missing kconf (impeding nft functionality)

NFT_NUMGEN
NFT_CT
NFT_COUNTER
NFT_LOG
NFT_LIMIT
NFT_MASQ
NFT_REDIR
NFT_NAT
NFT_QUEUE
NFT_QUOTA
NFT_REJECT
NFT_REJECT_INET
NFT_COMPAT
NFT_HASH
NFT_FIB_INET
NF_DUP_NETDEV
NFT_DUP_NETDEV
NFT_FWD_NETDEV

  • downstream unset kconf (impeding nft functionality)

NFT_FLOW_OFFLOAD
NFT_CONNLIMIT
NFT_TUNNEL
NFT_OBJREF
NFT_XFRM
NFT_SOCKET
NFT_OSF
NFT_TPROXY

@openwrt-bot
Copy link
Author

n8v8R:

Tested with

{"kernel":"5.4.45","hostname":"OpenWrt","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"OpenWrt","version":"SNAPSHOT","revision":"r13552-cd09f26660","target":"mvebu/cortexa9","description":"OpenWrt SNAPSHOT r13552-cd09f26660"}}


  • downstream exhibiting obsolete kconf

zcat /proc/config.gz | grep NF_TABLES
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_TABLES_BRIDGE=m

Though only a few bytes for housekeeping purpose should be removed


  • downstream missing kconf (impeding nft functionality)

All kconf flags are available.


  • downstream unset kconf (impeding nft functionality)

xzgrep -E 'NFT.*set' /proc/config.gz

CONFIG_NFT_CONNLIMIT is not set

CONFIG_NFT_TUNNEL is not set

CONFIG_NFT_QUEUE is not set

CONFIG_NFT_COMPAT is not set

CONFIG_NFT_XFRM is not set

CONFIG_NFT_SOCKET is not set

CONFIG_NFT_OSF is not set

CONFIG_NFT_TPROXY is not set

CONFIG_NFT_SYNPROXY is not set

CONFIG_NFT_FIB_NETDEV is not set

CONFIG_NFT_DUP_IPV4 is not set

CONFIG_NFT_DUP_IPV6 is not set

CONFIG_NFTL is not set

CONFIG_INFTL is not set

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant