| From foo@baz Sun Jun 17 12:07:33 CEST 2018 |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| Date: Wed, 18 Apr 2018 12:23:39 +0200 |
| Subject: netfilter: nf_tables: NAT chain and extensions require NF_TABLES |
| |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| |
| [ Upstream commit 39f2ff0816e5421476c2bc538b68b4bb0708a78e ] |
| |
| Move these options inside the scope of the 'if' NF_TABLES and |
| NF_TABLES_IPV6 dependencies. This patch fixes: |
| |
| net/ipv6/netfilter/nft_chain_nat_ipv6.o: In function `nft_nat_do_chain': |
| >> net/ipv6/netfilter/nft_chain_nat_ipv6.c:37: undefined reference to `nft_do_chain' |
| net/ipv6/netfilter/nft_chain_nat_ipv6.o: In function `nft_chain_nat_ipv6_exit': |
| >> net/ipv6/netfilter/nft_chain_nat_ipv6.c:94: undefined reference to `nft_unregister_chain_type' |
| net/ipv6/netfilter/nft_chain_nat_ipv6.o: In function `nft_chain_nat_ipv6_init': |
| >> net/ipv6/netfilter/nft_chain_nat_ipv6.c:87: undefined reference to `nft_register_chain_type' |
| |
| that happens with: |
| |
| CONFIG_NF_TABLES=m |
| CONFIG_NFT_CHAIN_NAT_IPV6=y |
| |
| Fixes: 02c7b25e5f54 ("netfilter: nf_tables: build-in filter chain type") |
| Reported-by: kbuild test robot <lkp@intel.com> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/netfilter/Kconfig | 55 ++++++++++++++++++++++----------------------- |
| 1 file changed, 28 insertions(+), 27 deletions(-) |
| |
| --- a/net/ipv6/netfilter/Kconfig |
| +++ b/net/ipv6/netfilter/Kconfig |
| @@ -48,6 +48,34 @@ config NFT_CHAIN_ROUTE_IPV6 |
| fields such as the source, destination, flowlabel, hop-limit and |
| the packet mark. |
| |
| +if NF_NAT_IPV6 |
| + |
| +config NFT_CHAIN_NAT_IPV6 |
| + tristate "IPv6 nf_tables nat chain support" |
| + help |
| + This option enables the "nat" chain for IPv6 in nf_tables. This |
| + chain type is used to perform Network Address Translation (NAT) |
| + packet transformations such as the source, destination address and |
| + source and destination ports. |
| + |
| +config NFT_MASQ_IPV6 |
| + tristate "IPv6 masquerade support for nf_tables" |
| + depends on NFT_MASQ |
| + select NF_NAT_MASQUERADE_IPV6 |
| + help |
| + This is the expression that provides IPv4 masquerading support for |
| + nf_tables. |
| + |
| +config NFT_REDIR_IPV6 |
| + tristate "IPv6 redirect support for nf_tables" |
| + depends on NFT_REDIR |
| + select NF_NAT_REDIRECT |
| + help |
| + This is the expression that provides IPv4 redirect support for |
| + nf_tables. |
| + |
| +endif # NF_NAT_IPV6 |
| + |
| config NFT_REJECT_IPV6 |
| select NF_REJECT_IPV6 |
| default NFT_REJECT |
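Review bot: The help text of the re-added `NFT_MASQ_IPV6` and `NFT_REDIR_IPV6` entries still says "IPv4", although both options are IPv6-only. Since these lines are being moved anyway, they could read `This is the expression that provides IPv6 masquerading support for` and `This is the expression that provides IPv6 redirect support for`. Separately, the explicit `depends on NF_TABLES_IPV6` is dropped from all three entries, so the dependency now rests on an enclosing `if` block that opens and closes outside this hunk. It is worth confirming that its `endif` sits below the added `endif # NF_NAT_IPV6`; otherwise the `CONFIG_NF_TABLES=m` / `CONFIG_NFT_CHAIN_NAT_IPV6=y` link failure quoted in the commit message would presumably still be reachable.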
| @@ -107,39 +135,12 @@ config NF_NAT_IPV6 |
| |
| if NF_NAT_IPV6 |
| |
| -config NFT_CHAIN_NAT_IPV6 |
| - depends on NF_TABLES_IPV6 |
| - tristate "IPv6 nf_tables nat chain support" |
| - help |
| - This option enables the "nat" chain for IPv6 in nf_tables. This |
| - chain type is used to perform Network Address Translation (NAT) |
| - packet transformations such as the source, destination address and |
| - source and destination ports. |
| - |
| config NF_NAT_MASQUERADE_IPV6 |
| tristate "IPv6 masquerade support" |
| help |
| This is the kernel functionality to provide NAT in the masquerade |
| flavour (automatic source address selection) for IPv6. |
| |
| -config NFT_MASQ_IPV6 |
| - tristate "IPv6 masquerade support for nf_tables" |
| - depends on NF_TABLES_IPV6 |
| - depends on NFT_MASQ |
| - select NF_NAT_MASQUERADE_IPV6 |
| - help |
| - This is the expression that provides IPv4 masquerading support for |
| - nf_tables. |
| - |
| -config NFT_REDIR_IPV6 |
| - tristate "IPv6 redirect support for nf_tables" |
| - depends on NF_TABLES_IPV6 |
| - depends on NFT_REDIR |
| - select NF_NAT_REDIRECT |
| - help |
| - This is the expression that provides IPv4 redirect support for |
| - nf_tables. |
| - |
| endif # NF_NAT_IPV6 |
| |
| config IP6_NF_IPTABLES |