| Message ID | 20181127231449.29188-27-hauke@hauke-m.de |
|---|---|
| State | RFC |
| Delegated to: | Hauke Mehrtens |
| Headers | show |
| Series | Add support for kernel 4.19 | expand |
On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke@hauke-m.de> wrote: > > In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade > code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and > CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed > to bool and the code will not be compiled as a own module any more, but > it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some > memory. > > Activate these options as bool in the generic kernel 4.19 configuration > only, to always build them into the nf_nat_ipv*.ko modules. The kmod > file will still try to select them as module, but the generic > configuration will not be overwritten. > > Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> > --- > include/netfilter.mk | 4 ++-- > target/linux/generic/config-4.19 | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/include/netfilter.mk b/include/netfilter.mk > index 2d232b5f5c..4b9cc20622 100644 > --- a/include/netfilter.mk > +++ b/include/netfilter.mk > @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) > $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) > $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),)) > $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),)) > -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),)) > +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),)) > > $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),)) > -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),)) > +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),)) > > $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),)) > $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),)) > diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 > index c197f58464..5dec53c0f3 100644 > --- a/target/linux/generic/config-4.19 > +++ b/target/linux/generic/config-4.19 > @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y > # CONFIG_NF_NAT_H323 is not set > # CONFIG_NF_NAT_IPV6 is not set > # CONFIG_NF_NAT_IRC is not set > -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set > -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set > +CONFIG_NF_NAT_MASQUERADE_IPV4=y > +CONFIG_NF_NAT_MASQUERADE_IPV6=y The ipv6 config option should be placed into config/Config-kernel.in, so that it can depend on the state of CONFIG_KERNEL_IPV6 option. Regards, yousong
On 11/28/18 6:53 AM, Yousong Zhou wrote: > On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke@hauke-m.de> wrote: >> >> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade >> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and >> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed >> to bool and the code will not be compiled as a own module any more, but >> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some >> memory. >> >> Activate these options as bool in the generic kernel 4.19 configuration >> only, to always build them into the nf_nat_ipv*.ko modules. The kmod >> file will still try to select them as module, but the generic >> configuration will not be overwritten. >> >> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> >> --- >> include/netfilter.mk | 4 ++-- >> target/linux/generic/config-4.19 | 4 ++-- >> 2 files changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/include/netfilter.mk b/include/netfilter.mk >> index 2d232b5f5c..4b9cc20622 100644 >> --- a/include/netfilter.mk >> +++ b/include/netfilter.mk >> @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),)) >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),)) >> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),)) >> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),)) >> >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),)) >> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),)) >> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),)) >> >> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),)) >> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),)) >> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 >> index c197f58464..5dec53c0f3 100644 >> --- a/target/linux/generic/config-4.19 >> +++ b/target/linux/generic/config-4.19 >> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y >> # CONFIG_NF_NAT_H323 is not set >> # CONFIG_NF_NAT_IPV6 is not set >> # CONFIG_NF_NAT_IRC is not set >> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set >> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set >> +CONFIG_NF_NAT_MASQUERADE_IPV4=y >> +CONFIG_NF_NAT_MASQUERADE_IPV6=y > > The ipv6 config option should be placed into config/Config-kernel.in, > so that it can depend on the state of CONFIG_KERNEL_IPV6 option. Hi yousong, The IPV6 version is only available if CONFIG_IPV6 is selected otherwise it is not possible to select it: kernel 4.19: https://elixir.bootlin.com/linux/v4.19.5/source/net/ipv6/netfilter/Kconfig#L121 kernel 4.9: https://elixir.bootlin.com/linux/v4.9.141/source/net/ipv6/netfilter/Kconfig#L97 This depends on the kernel version on kernel < 4.18 this should be build as a module. Would it be better to add some KConfig options which depend on kernel 4.19 near CONFIG_KERNEL_IPV6 ? Hauke
On Fri, 30 Nov 2018 at 06:26, Hauke Mehrtens <hauke@hauke-m.de> wrote: > > On 11/28/18 6:53 AM, Yousong Zhou wrote: > > On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke@hauke-m.de> wrote: > >> > >> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade > >> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and > >> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed > >> to bool and the code will not be compiled as a own module any more, but > >> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some > >> memory. > >> > >> Activate these options as bool in the generic kernel 4.19 configuration > >> only, to always build them into the nf_nat_ipv*.ko modules. The kmod > >> file will still try to select them as module, but the generic > >> configuration will not be overwritten. > >> > >> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> > >> --- > >> include/netfilter.mk | 4 ++-- > >> target/linux/generic/config-4.19 | 4 ++-- > >> 2 files changed, 4 insertions(+), 4 deletions(-) > >> > >> diff --git a/include/netfilter.mk b/include/netfilter.mk > >> index 2d232b5f5c..4b9cc20622 100644 > >> --- a/include/netfilter.mk > >> +++ b/include/netfilter.mk > >> @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) > >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) > >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),)) > >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),)) > >> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),)) > >> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),)) > >> > >> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),)) > >> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),)) > >> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),)) > >> > >> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),)) > >> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),)) > >> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 > >> index c197f58464..5dec53c0f3 100644 > >> --- a/target/linux/generic/config-4.19 > >> +++ b/target/linux/generic/config-4.19 > >> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y > >> # CONFIG_NF_NAT_H323 is not set > >> # CONFIG_NF_NAT_IPV6 is not set > >> # CONFIG_NF_NAT_IRC is not set > >> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set > >> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set > >> +CONFIG_NF_NAT_MASQUERADE_IPV4=y > >> +CONFIG_NF_NAT_MASQUERADE_IPV6=y > > > > The ipv6 config option should be placed into config/Config-kernel.in, > > so that it can depend on the state of CONFIG_KERNEL_IPV6 option. > > Hi yousong, > > The IPV6 version is only available if CONFIG_IPV6 is selected otherwise > it is not possible to select it: > kernel 4.19: > https://elixir.bootlin.com/linux/v4.19.5/source/net/ipv6/netfilter/Kconfig#L121 > kernel 4.9: > https://elixir.bootlin.com/linux/v4.9.141/source/net/ipv6/netfilter/Kconfig#L97 > > This depends on the kernel version on kernel < 4.18 this should be build > as a module. > > Would it be better to add some KConfig options which depend on kernel > 4.19 near CONFIG_KERNEL_IPV6 ? If this is a trend in the mainline to transform ipv6 options from tristate to bool, then annotating them each in the build system will become unwieldy sooner or later. Thinking it again, the main concern seems to be that we can still tweak out ipv6 from the build by disabling it with CONFIG_KERNEL_IPV6=n. If this is still achievable with IPV6 options in the kernel config presets, then I think it's fine to include them there. There are already several targets with IPV6 options explicitly enabled. It's a bit odd and inconsistent. ➜ ~/git-repo/openwrt/openwrt git:(master) find target/linux -name 'config-*' | xargs ag -s IPV6 | grep = target/linux/layerscape/armv8_64b/config-4.9:690:CONFIG_IPV6=y target/linux/layerscape/armv8_64b/config-4.9:691:CONFIG_IPV6_SIT=y target/linux/layerscape/armv8_32b/config-4.9:643:CONFIG_IPV6=y target/linux/layerscape/armv8_32b/config-4.9:644:CONFIG_IPV6_MULTIPLE_TABLES=y target/linux/layerscape/armv8_32b/config-4.9:645:CONFIG_IPV6_OPTIMISTIC_DAD=y target/linux/layerscape/armv8_32b/config-4.9:646:CONFIG_IPV6_ROUTER_PREF=y target/linux/layerscape/armv8_32b/config-4.9:647:CONFIG_IPV6_SIT=y target/linux/cns3xxx/config-4.14:192:CONFIG_IPV6=y target/linux/cns3xxx/config-4.14:193:CONFIG_IPV6_MROUTE=y target/linux/cns3xxx/config-4.14:194:CONFIG_IPV6_MULTIPLE_TABLES=y target/linux/cns3xxx/config-4.14:196:CONFIG_IPV6_SUBTREES=y target/linux/cns3xxx/config-4.14:259:CONFIG_NF_CONNTRACK_IPV6=m target/linux/cns3xxx/config-4.14:262:CONFIG_NF_DEFRAG_IPV6=m target/linux/cns3xxx/config-4.14:265:CONFIG_NF_LOG_IPV6=m target/linux/cns3xxx/config-4.14:272:CONFIG_NF_REJECT_IPV6=m target/linux/generic/config-4.14:2049:CONFIG_IPV6_NDISC_NODETYPE=y target/linux/generic/config-4.9:1915:CONFIG_IPV6_NDISC_NODETYPE=y target/linux/generic/config-3.18:1609:CONFIG_IPV6_NDISC_NODETYPE=y yousong
On 11/30/18 3:15 AM, Yousong Zhou wrote: > On Fri, 30 Nov 2018 at 06:26, Hauke Mehrtens <hauke@hauke-m.de> wrote: >> >> On 11/28/18 6:53 AM, Yousong Zhou wrote: >>> On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke@hauke-m.de> wrote: >>>> >>>> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade >>>> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and >>>> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed >>>> to bool and the code will not be compiled as a own module any more, but >>>> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some >>>> memory. >>>> >>>> Activate these options as bool in the generic kernel 4.19 configuration >>>> only, to always build them into the nf_nat_ipv*.ko modules. The kmod >>>> file will still try to select them as module, but the generic >>>> configuration will not be overwritten. >>>> >>>> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> >>>> --- >>>> include/netfilter.mk | 4 ++-- >>>> target/linux/generic/config-4.19 | 4 ++-- >>>> 2 files changed, 4 insertions(+), 4 deletions(-) >>>> >>>> diff --git a/include/netfilter.mk b/include/netfilter.mk >>>> index 2d232b5f5c..4b9cc20622 100644 >>>> --- a/include/netfilter.mk >>>> +++ b/include/netfilter.mk >>>> @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) >>>> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) >>>> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),)) >>>> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),)) >>>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),)) >>>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),)) >>>> >>>> $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),)) >>>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),)) >>>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),)) >>>> >>>> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),)) >>>> $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),)) >>>> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 >>>> index c197f58464..5dec53c0f3 100644 >>>> --- a/target/linux/generic/config-4.19 >>>> +++ b/target/linux/generic/config-4.19 >>>> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y >>>> # CONFIG_NF_NAT_H323 is not set >>>> # CONFIG_NF_NAT_IPV6 is not set >>>> # CONFIG_NF_NAT_IRC is not set >>>> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set >>>> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set >>>> +CONFIG_NF_NAT_MASQUERADE_IPV4=y >>>> +CONFIG_NF_NAT_MASQUERADE_IPV6=y >>> >>> The ipv6 config option should be placed into config/Config-kernel.in, >>> so that it can depend on the state of CONFIG_KERNEL_IPV6 option. >> >> Hi yousong, >> >> The IPV6 version is only available if CONFIG_IPV6 is selected otherwise >> it is not possible to select it: >> kernel 4.19: >> https://elixir.bootlin.com/linux/v4.19.5/source/net/ipv6/netfilter/Kconfig#L121 >> kernel 4.9: >> https://elixir.bootlin.com/linux/v4.9.141/source/net/ipv6/netfilter/Kconfig#L97 >> >> This depends on the kernel version on kernel < 4.18 this should be build >> as a module. >> >> Would it be better to add some KConfig options which depend on kernel >> 4.19 near CONFIG_KERNEL_IPV6 ? > > If this is a trend in the mainline to transform ipv6 options from > tristate to bool, then annotating them each in the build system will > become unwieldy sooner or later. In the netfilter part some kernel modules were merged together, to save some memory. In this change the nf_nat_masquerade_ipv6.ko kernel module will be build into the nf_nat_ipv6.ko kernel module, IPv4 and IPv6 will still be separated. https://git.kernel.org/linus/0168e8b36145a7db353055bdd2673096165c8a3a The only new part were a IPv4 netfilter module depends on a IPv6 module is related to the IPv6 IP defrag module which is now needed by the core netfilter code in case the kernel is compiled with IPv6 support, for the other cases the IPv4 and IPv6 part still stays separate as before. https://git.kernel.org/linus/a0ae2562c6c4b2721d9fddba63b7286c13517d9f > Thinking it again, the main concern seems to be that we can still > tweak out ipv6 from the build by disabling it with > CONFIG_KERNEL_IPV6=n. If this is still achievable with IPV6 options > in the kernel config presets, then I think it's fine to include them > there. I hope this still works, but I will definitely try this before merging the code. > There are already several targets with IPV6 options explicitly > enabled. It's a bit odd and inconsistent. > > ➜ ~/git-repo/openwrt/openwrt git:(master) find target/linux -name > 'config-*' | xargs ag -s IPV6 | grep = > target/linux/layerscape/armv8_64b/config-4.9:690:CONFIG_IPV6=y > target/linux/layerscape/armv8_64b/config-4.9:691:CONFIG_IPV6_SIT=y > target/linux/layerscape/armv8_32b/config-4.9:643:CONFIG_IPV6=y > target/linux/layerscape/armv8_32b/config-4.9:644:CONFIG_IPV6_MULTIPLE_TABLES=y > target/linux/layerscape/armv8_32b/config-4.9:645:CONFIG_IPV6_OPTIMISTIC_DAD=y > target/linux/layerscape/armv8_32b/config-4.9:646:CONFIG_IPV6_ROUTER_PREF=y > target/linux/layerscape/armv8_32b/config-4.9:647:CONFIG_IPV6_SIT=y > target/linux/cns3xxx/config-4.14:192:CONFIG_IPV6=y > target/linux/cns3xxx/config-4.14:193:CONFIG_IPV6_MROUTE=y > target/linux/cns3xxx/config-4.14:194:CONFIG_IPV6_MULTIPLE_TABLES=y > target/linux/cns3xxx/config-4.14:196:CONFIG_IPV6_SUBTREES=y > target/linux/cns3xxx/config-4.14:259:CONFIG_NF_CONNTRACK_IPV6=m > target/linux/cns3xxx/config-4.14:262:CONFIG_NF_DEFRAG_IPV6=m > target/linux/cns3xxx/config-4.14:265:CONFIG_NF_LOG_IPV6=m > target/linux/cns3xxx/config-4.14:272:CONFIG_NF_REJECT_IPV6=m > target/linux/generic/config-4.14:2049:CONFIG_IPV6_NDISC_NODETYPE=y > target/linux/generic/config-4.9:1915:CONFIG_IPV6_NDISC_NODETYPE=y > target/linux/generic/config-3.18:1609:CONFIG_IPV6_NDISC_NODETYPE=y These are the targets which have anyway too many option activated. ;-) We should clean these configurations up. Hauke
diff --git a/include/netfilter.mk b/include/netfilter.mk index 2d232b5f5c..4b9cc20622 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),)) diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index c197f58464..5dec53c0f3 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y # CONFIG_NF_NAT_H323 is not set # CONFIG_NF_NAT_IPV6 is not set # CONFIG_NF_NAT_IRC is not set -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set +CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NF_NAT_MASQUERADE_IPV6=y # CONFIG_NF_NAT_NEEDED is not set # CONFIG_NF_NAT_PPTP is not set # CONFIG_NF_NAT_PROTO_GRE is not set
In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration option were changed to bool and the code will not be compiled as a own module any more, but it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some memory. Activate these options as bool in the generic kernel 4.19 configuration only, to always build them into the nf_nat_ipv*.ko modules. The kmod file will still try to select them as module, but the generic configuration will not be overwritten. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> --- include/netfilter.mk | 4 ++-- target/linux/generic/config-4.19 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)