[OpenWrt-Devel] [RFC 26/27] kernel: netfilter: Adapt merge ipv4/ipv6 masquerade code

Hauke Mehrtens hauke at hauke-m.de
Thu Nov 29 17:26:37 EST 2018


On 11/28/18 6:53 AM, Yousong Zhou wrote:
> On Wed, 28 Nov 2018 at 07:21, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>
>> In kernel commit 0168e8b361 ("netfilter: nat: merge ipv4/ipv6 masquerade
>> code into main nat module") the CONFIG_NF_NAT_MASQUERADE_IPV4 and
>> CONFIG_NF_NAT_MASQUERADE_IPV6 kernel configuration options were changed
>> to bool and the code will not be compiled as its own module any more, but
>> it will be integrated into nf_nat_ipv4.ko or nf_nat_ipv6.ko to save some
>> memory.
>>
>> Activate these options as bool in the generic kernel 4.19 configuration
>> only, to always build them into the nf_nat_ipv*.ko modules. The kmod
>> file will still try to select them as module, but the generic
>> configuration will not be overwritten.
>>
>> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
>> ---
>>  include/netfilter.mk             | 4 ++--
>>  target/linux/generic/config-4.19 | 4 ++--
>>  2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/netfilter.mk b/include/netfilter.mk
>> index 2d232b5f5c..4b9cc20622 100644
>> --- a/include/netfilter.mk
>> +++ b/include/netfilter.mk
>> @@ -187,10 +187,10 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),))
>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),))
>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),))
>>
>>  $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),))
>> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),))
>> +$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),))
>>
>>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),))
>>  $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
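Review bot: the `lt 4.18` bound on the two changed nf_add lines (NF_NAT_MASQUERADE_IPV4 and NF_NAT_MASQUERADE_IPV6) is not explained anywhere, and the commit message only mentions the 4.19 configuration. Please state in the commit message, or in a comment above these lines, which kernel release first carries the merged masquerade code, so it is clear why the cutoff is 4.18 and not 4.19. As a style point, the NF_NAT_REDIRECT line in the same hunk writes its bound with three components (`ge 3.19.0`); consider using the same form here if the version comparison treats both the same way.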
>> diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
>> index c197f58464..5dec53c0f3 100644
>> --- a/target/linux/generic/config-4.19
>> +++ b/target/linux/generic/config-4.19
>> @@ -3352,8 +3352,8 @@ CONFIG_NF_CONNTRACK_PROCFS=y
>>  # CONFIG_NF_NAT_H323 is not set
>>  # CONFIG_NF_NAT_IPV6 is not set
>>  # CONFIG_NF_NAT_IRC is not set
>> -# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
>> -# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
>> +CONFIG_NF_NAT_MASQUERADE_IPV4=y
>> +CONFIG_NF_NAT_MASQUERADE_IPV6=y
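Review bot: CONFIG_NF_NAT_MASQUERADE_IPV6=y is switched on unconditionally in the generic config while the context a few lines above still reads `# CONFIG_NF_NAT_IPV6 is not set`, so the dependency between the two is not visible from this file. Since the commit message says the masquerade code is built into nf_nat_ipv4.ko / nf_nat_ipv6.ko, it would help to note here or in the commit message that these bools only take effect once the kmod enables the corresponding NF_NAT_IPV4/NF_NAT_IPV6 option, and what happens on builds without IPv6.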
> 
> The ipv6 config option should be placed into config/Config-kernel.in,
> so that it can depend on the state of CONFIG_KERNEL_IPV6 option.

Hi Yousong,

The IPV6 version is only available if CONFIG_IPV6 is selected, otherwise
it is not possible to select it:
kernel 4.19:
https://elixir.bootlin.com/linux/v4.19.5/source/net/ipv6/netfilter/Kconfig#L121
kernel 4.9:
https://elixir.bootlin.com/linux/v4.9.141/source/net/ipv6/netfilter/Kconfig#L97

This depends on the kernel version; on kernel < 4.18 this should be built
as a module.

Would it be better to add some KConfig options which depend on kernel
4.19 near CONFIG_KERNEL_IPV6?

Hauke
