From patchwork Sun Aug 24 13:28:02 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 382484
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id B79DA1400B7
	for <incoming@patchwork.ozlabs.org>;
	Sun, 24 Aug 2014 23:27:27 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752604AbaHXN1V (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sun, 24 Aug 2014 09:27:21 -0400
Received: from mail.us.es ([193.147.175.20]:33030 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752494AbaHXN1V (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Sun, 24 Aug 2014 09:27:21 -0400
Received: (qmail 22981 invoked from network); 24 Aug 2014 15:27:16 +0200
Received: from unknown (HELO us.es) (192.168.2.11)
	by us.es with SMTP; 24 Aug 2014 15:27:16 +0200
Received: (qmail 7885 invoked by uid 507); 24 Aug 2014 13:27:16 -0000
X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus1 (envelope-from
	<pneira@us.es>, uid 501) with qmail-scanner-2.10
	(clamdscan: 0.98.4/19306. spamassassin: 3.3.2.  
	Clear:RC:1(127.0.0.1):SA:0(-103.0/7.5):.
	Processed in 1.98366 secs); 24 Aug 2014 13:27:16 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on antivirus1
X-Spam-Level: 
X-Spam-Status: No, score=-103.0 required=7.5 tests=BAYES_50,KHOP_DYNAMIC,
	SMTPAUTH_US, SPF_HELO_FAIL,
	USER_IN_WHITELIST autolearn=disabled version=3.3.2
X-Spam-ASN: AS12715 87.216.0.0/16
X-Envelope-From: pneira@us.es
Received: from unknown (HELO antivirus1) (127.0.0.1)
	by us.es with SMTP; 24 Aug 2014 13:27:14 -0000
Received: from 192.168.1.13 (192.168.1.13)
	by antivirus1 (F-Secure/fsigk_smtp/412/antivirus1);
	Sun, 24 Aug 2014 15:27:14 +0200 (CEST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/412/antivirus1)
Received: (qmail 19422 invoked from network); 24 Aug 2014 15:27:13 +0200
Received: from 186.169.216.87.static.jazztel.es (HELO us.es)
	(1984lsi@87.216.169.186)
	by mail.us.es with AES128-SHA encrypted SMTP;
	24 Aug 2014 15:27:13 +0200
Date: Sun, 24 Aug 2014 15:28:02 +0200
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: =?utf-8?B?UmFmYcWCIE1pxYJlY2tp?= <zajec5@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Easy network (config) breakage with 3.17-rc1:
	NETFILTER_XT_TARGET_LOG
Message-ID: <20140824132801.GA11927@salvia>
References: 
 <CACna6rymZjgex0p1snf3e-GvK2xHrQST3roGiA3F__y3DvYhKw@mail.gmail.com>
	<20140822180112.GB3402@salvia>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20140822180112.GB3402@salvia>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

On Fri, Aug 22, 2014 at 08:01:12PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Aug 21, 2014 at 12:49:33PM +0200, Rafał Miłecki wrote:
> > Few days ago I updated my 3.16 to 3.17-rc1 (both self compiled) and I
> > was using it until I noticed my machine doesn't respond to pings. I
> > rebooted to 3.16 and it was working again.
> > 
> > I bisected between 3.16 and 3.17-rc1 but it has failed. After all I
> > got 3.16 not working anymore as well.
> > 
> > It took me few hours to find the one to blame:
> > CONFIG_NETFILTER_XT_TARGET_LOG. After moving my config from 3.16 to
> > 3.17-rc1 CONFIG_NETFILTER_XT_TARGET_LOG got disabled because of two
> > new dependencies: NF_LOG_IPV4 && NF_LOG_IPV6.
> > 
> > It would be nice if you could try to use "select" instead of "depends
> > on" in such cases in the future. I bet fix my problem would be trivial
> > since the beginning, but end-users may spent hours or days tracking
> > such things :(
> 
> Sorry for that Kconfig problem. Please, have a look at the attached
> patch and confirm that it fixes the problem. At quick glance I think
> it's safe to use select in this case.

I'm just looking at this again.

We cannot select NF_LOG_IPV6. This is going to break if IPV6 is not
enabled.

I can just relax this to avoid the dependency with NF_LOG_IPV4 and
NF_LOG_IPV6 so CONFIG_NETFILTER_XT_TARGET_LOG will be still selected
if not NF_LOG_IP* is set (see patch attached).

However, those new modules are really required to get this working, if
they are not present, iptables ... -j LOG will fail with -ENOENT since
the protocol logger won't be available.

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 05eb177..9b57bc0 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -747,7 +747,6 @@ config NETFILTER_XT_TARGET_LED
 
 config NETFILTER_XT_TARGET_LOG
 	tristate "LOG target support"
-	depends on NF_LOG_IPV4 && NF_LOG_IPV6
 	default m if NETFILTER_ADVANCED=n
 	help
 	  This option adds a `LOG' target, which allows you to create rules in