From patchwork Tue Jul 10 14:01:28 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?b?TcOhdMOpIEVja2w=?= <ecklm94@gmail.com>
X-Patchwork-Id: 942001
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="V5Z3xOt5"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 41Q3zR2gBLz9s01
	for <incoming@patchwork.ozlabs.org>;
	Wed, 11 Jul 2018 00:11:47 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933336AbeGJOLq (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Tue, 10 Jul 2018 10:11:46 -0400
Received: from mail-wr1-f66.google.com ([209.85.221.66]:34495 "EHLO
	mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754265AbeGJOLp (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Tue, 10 Jul 2018 10:11:45 -0400
Received: by mail-wr1-f66.google.com with SMTP id c13-v6so14753796wrt.1
	for <netfilter-devel@vger.kernel.org>;
	Tue, 10 Jul 2018 07:11:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=2h42TOCq7WU90P47gwcoh7n5HiSNtUZ5/UlQRZ5njJE=;
	b=V5Z3xOt5MrEyqtlygOZ6GdFQSrZAATeqKK1eZagg/fa5QEeJENfIrEv3CIIBIf0Dcd
	jQKvRtBcnQJkDUXvyIqKHnqz4XYpzod2zuN3QIZSNFB5mgqmVw4UObMfujgjUvC/4M0Z
	yJMfswExzbFakePF3/MAJGV0xSOIH98BVzsdHzOH3QcMsT7S4ZGLGsxmjYpHXlXB791I
	yJfh17S6FjlQ/EY+hGoer6695SaFVkMfEd8Rjf2P3w2MBQJd6k3aDzRZfV5PPCburTcV
	OjqGOBkARMLiD6uMbGtw/16b8qqTXn44v6Eg0IeXapWk24pf1CRl8hWV6pYKHPrknE8W
	yhPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=2h42TOCq7WU90P47gwcoh7n5HiSNtUZ5/UlQRZ5njJE=;
	b=Ij7WglKz15hv8Up2s1QApXXPQtZucQo4BUa8PMo6/5GgZfZR9WO0GvBg35FyxB+4vC
	eOXMSf+loN+CTdfPhNzku9HzFhNUCyGbq7rZw6SNRmkNF97v402DIkfEpgrT7WyUyzgs
	07eiDQ55V5rUVeFGX002tCZkHIO4pRRbLVJRUIx7VvVJpzEZ0duG18tXU1Z6Nb9Ty3Aq
	oMDvlTEZtKupv26YE1uBhqKZt4e5hloieFRej2nLrV5DVDgi8DUzocr9e8zd53/lNkSZ
	AYOE2Zn3eO3WqM/GSAz9lp+zCyTPNh9UzTOFJ7pNMKawlPuAChP6FITsU5AsVE/Zx1m6
	EkIw==
X-Gm-Message-State: AOUpUlHj5mBuAoIDoei5MHdJY/Jck5qt2hG6rImWvyl2k4v/dd6CntDZ
	6uFnLQ4NtMTtF2F36+Ekh36nWhtE
X-Google-Smtp-Source: 
 AAOMgpeEzOqwGKVXExW+7T4IbjhYm0cycouu7vq7u0YUl4Gdftrx4ookI8TFXWl8K1qEI108QkLbvg==
X-Received: by 2002:adf:a49a:: with SMTP id
	g26-v6mr651866wrb.91.1531231903830;
	Tue, 10 Jul 2018 07:11:43 -0700 (PDT)
Received: from ecklm-lapos.localdomain (ecklm-pi.sch.bme.hu.
	[152.66.179.182]) by smtp.gmail.com with ESMTPSA id
	d4-v6sm15320038wrp.51.2018.07.10.07.11.41
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 10 Jul 2018 07:11:42 -0700 (PDT)
From: =?utf-8?b?TcOhdMOpIEVja2w=?= <ecklm94@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: arnd@arndb.de, pablo@netfilter.org, fw@strlen.de
Subject: [PATCH v2 nf-next] netfilter: Kconfig: Change select dependencies
	from IPV6 to NF_TABLES_IPV6 and IP6_NF_IPTABLES
Date: Tue, 10 Jul 2018 16:01:28 +0200
Message-Id: <20180710140127.459-1-ecklm94@gmail.com>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180710105605.evgtmjiq5z46zld6@salvia>
References: <20180710105605.evgtmjiq5z46zld6@salvia>
MIME-Version: 1.0
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

In some cases module selects depend on IPV6, but this means that they
select another module even if eg. NF_TABLES_IPV6 is not set in which
case the selected module is useless due to the lack of IPv6 nf_tables
functionality.

The same applies for IP6_NF_IPTABLES and iptables.

Joint work with: Arnd Bermann <arnd@arndb.de>

Signed-off-by: Máté Eckl <ecklm94@gmail.com>
---

v2: squashes (with some refinement) the following patches:
 - netfilter: Kconfig: Change select dependencies from IPV6 to NF_TABLES_IPV6 and IP6_NF_IPTABLES (https://patchwork.ozlabs.org/patch/936305/)
 - netfilter: fix NETFILTER_XT_TARGET_TEE dependencies (https://patchwork.ozlabs.org/patch/940460/)
 - netfilter: xt_tee: fix calling nf_dup_ipv6 (https://patchwork.ozlabs.org/patch/941374/)
 - netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6 (https://patchwork.ozlabs.org/patch/941696/)

Now nothing that is specific to nftables or xtables uses CONFIG_IPV6 as a
compile-time criterion.
	$ find net/{,ipv6}/netfilter -name "*.[hc]" -exec grep --color -H "CONFIG_IPV6" {} \;
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#endif /* CONFIG_IPV6 */
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_proto.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_core.c:#if IS_ENABLED(CONFIG_IPV6)
	net//netfilter/nf_conntrack_core.c:#if IS_ENABLED(CONFIG_IPV6)

Nothing that is specific to nftables or iptables use 'select <module> if IPV6.

 net/netfilter/Kconfig      | 6 +++---
 net/netfilter/nft_socket.c | 4 ++--
 net/netfilter/xt_TEE.c     | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index f5866eb6911b..6c65d756e603 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -628,7 +628,7 @@ config NFT_SOCKET
 	tristate "Netfilter nf_tables socket match support"
 	depends on IPV6 || IPV6=n
 	select NF_SOCKET_IPV4
-	select NF_SOCKET_IPV6 if IPV6
+	select NF_SOCKET_IPV6 if NF_TABLES_IPV6
 	help
 	  This option allows matching for the presence or absence of a
 	  corresponding socket and its attributes.
@@ -894,7 +894,7 @@ config NETFILTER_XT_TARGET_LOG
 	tristate "LOG target support"
 	select NF_LOG_COMMON
 	select NF_LOG_IPV4
-	select NF_LOG_IPV6 if IPV6
+	select NF_LOG_IPV6 if IP6_NF_IPTABLES
 	default m if NETFILTER_ADVANCED=n
 	help
 	  This option adds a `LOG' target, which allows you to create rules in
@@ -986,7 +986,7 @@ config NETFILTER_XT_TARGET_TEE
 	depends on IPV6 || IPV6=n
 	depends on !NF_CONNTRACK || NF_CONNTRACK
 	select NF_DUP_IPV4
-	select NF_DUP_IPV6 if IPV6
+	select NF_DUP_IPV6 if IP6_NF_IPTABLES
 	---help---
 	This option adds a "TEE" target with which a packet can be cloned and
 	this clone be rerouted to another nexthop.
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 74e1b3bd6954..70e2690afc72 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -28,7 +28,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
 		case NFPROTO_IPV4:
 			sk = nf_sk_lookup_slow_v4(nft_net(pkt), skb, nft_in(pkt));
 			break;
-#if IS_ENABLED(CONFIG_NF_SOCKET_IPV6)
+#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
 		case NFPROTO_IPV6:
 			sk = nf_sk_lookup_slow_v6(nft_net(pkt), skb, nft_in(pkt));
 			break;
@@ -74,7 +74,7 @@ static int nft_socket_init(const struct nft_ctx *ctx,
 
 	switch(ctx->family) {
 	case NFPROTO_IPV4:
-#if IS_ENABLED(CONFIG_NF_SOCKET_IPV6)
+#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
 	case NFPROTO_IPV6:
 #endif
 	case NFPROTO_INET:
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index 475957cfcf50..0d0d68c989df 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -38,7 +38,7 @@ tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 	return XT_CONTINUE;
 }
 
-#if IS_ENABLED(CONFIG_IPV6)
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 static unsigned int
 tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
@@ -141,7 +141,7 @@ static struct xt_target tee_tg_reg[] __read_mostly = {
 		.destroy    = tee_tg_destroy,
 		.me         = THIS_MODULE,
 	},
-#if IS_ENABLED(CONFIG_IPV6)
+#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 	{
 		.name       = "TEE",
 		.revision   = 1,