[PATCH v2] netfilter: remove no-op kconfig symbols

Rui Salvaterra rsalvaterra at gmail.com
Fri Apr 9 16:48:04 BST 2021 

These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:

CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - OOT, superseded upstream by flow offloading

Signed-off-by: Rui Salvaterra <rsalvaterra at gmail.com>
---
v2: also removed CONFIG_NF_CONNTRACK_RTCACHE and two references to
CONFIG_NF_CONNTRACK_IPV4 in the WireGuard patches (the QEMU kconfigs).

 include/netfilter.mk                                        | 6 ------
 ...reguard-selftests-import-harness-makefile-for-test.patch | 3 +--
 ...reguard-selftests-check-that-route_me_harder-packe.patch | 3 +--
 target/linux/generic/config-5.10                            | 2 --
 target/linux/generic/config-5.4                             | 2 --
 5 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 45e9dadf85..803749d931 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -64,9 +64,7 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT)
 
 # kernel only
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_RTCACHE, $(P_XT)nf_conntrack_rtcache),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
 
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
@@ -120,7 +118,6 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_st
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS, $(P_XT)xt_tcpmss))
 
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY, $(P_XT)xt_CLASSIFY))
-$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_MATCH_DSCP, $(P_V4)ipt_dscp))
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_TARGET_ECN, $(P_V4)ipt_ECN))
 
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_ECN, $(P_XT)xt_ecn))
@@ -156,17 +153,14 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_REJECT6,CONFIG_NF_REJECT_IPV6, $(P_V6)nf
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
 
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
 
 
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
 $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
 
 # ipv6 extra
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch b/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
index ca3853aa19..bc3d1edeb6 100644
--- a/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
+++ b/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
@@ -989,7 +989,7 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
 +}
 --- /dev/null
 +++ b/tools/testing/selftests/wireguard/qemu/kernel.config
-@@ -0,0 +1,86 @@
+@@ -0,0 +1,85 @@
 +CONFIG_LOCALVERSION=""
 +CONFIG_NET=y
 +CONFIG_NETDEVICES=y
@@ -1010,7 +1010,6 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
 +CONFIG_NETFILTER_XTABLES=y
 +CONFIG_NETFILTER_XT_NAT=y
 +CONFIG_NETFILTER_XT_MATCH_LENGTH=y
-+CONFIG_NF_CONNTRACK_IPV4=y
 +CONFIG_NF_NAT_IPV4=y
 +CONFIG_IP_NF_IPTABLES=y
 +CONFIG_IP_NF_FILTER=y
diff --git a/target/linux/generic/backport-5.4/080-wireguard-0116-wireguard-selftests-check-that-route_me_harder-packe.patch b/target/linux/generic/backport-5.4/080-wireguard-0116-wireguard-selftests-check-that-route_me_harder-packe.patch
index 09c1b0b8f8..35abdf8774 100644
--- a/target/linux/generic/backport-5.4/080-wireguard-0116-wireguard-selftests-check-that-route_me_harder-packe.patch
+++ b/target/linux/generic/backport-5.4/080-wireguard-0116-wireguard-selftests-check-that-route_me_harder-packe.patch
@@ -41,12 +41,11 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
  ip1 addr add 192.168.242.1/24 dev wg0
 --- a/tools/testing/selftests/wireguard/qemu/kernel.config
 +++ b/tools/testing/selftests/wireguard/qemu/kernel.config
-@@ -18,10 +18,12 @@ CONFIG_NF_NAT=y
+@@ -18,9 +18,11 @@ CONFIG_NF_NAT=y
  CONFIG_NETFILTER_XTABLES=y
  CONFIG_NETFILTER_XT_NAT=y
  CONFIG_NETFILTER_XT_MATCH_LENGTH=y
 +CONFIG_NETFILTER_XT_MARK=y
- CONFIG_NF_CONNTRACK_IPV4=y
  CONFIG_NF_NAT_IPV4=y
  CONFIG_IP_NF_IPTABLES=y
  CONFIG_IP_NF_FILTER=y
diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index 6a5cc09615..af0a16db1b 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -3998,8 +3998,6 @@ CONFIG_NFS_V3=y
 # CONFIG_NF_CONNTRACK_EVENTS is not set
 # CONFIG_NF_CONNTRACK_FTP is not set
 # CONFIG_NF_CONNTRACK_H323 is not set
-# CONFIG_NF_CONNTRACK_IPV4 is not set
-# CONFIG_NF_CONNTRACK_IPV6 is not set
 # CONFIG_NF_CONNTRACK_IRC is not set
 # CONFIG_NF_CONNTRACK_LABELS is not set
 # CONFIG_NF_CONNTRACK_MARK is not set
diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index e7c197b5f1..3977b8b436 100644
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -3686,8 +3686,6 @@ CONFIG_NFS_V3=y
 # CONFIG_NF_CONNTRACK_EVENTS is not set
 # CONFIG_NF_CONNTRACK_FTP is not set
 # CONFIG_NF_CONNTRACK_H323 is not set
-# CONFIG_NF_CONNTRACK_IPV4 is not set
-# CONFIG_NF_CONNTRACK_IPV6 is not set
 # CONFIG_NF_CONNTRACK_IRC is not set
 # CONFIG_NF_CONNTRACK_LABELS is not set
 # CONFIG_NF_CONNTRACK_MARK is not set
-- 
2.31.1

More information about the openwrt-devel mailing list