[Devel] [PATCH RHEL7 COMMIT] configs.minimal: Build a set of NFT modules
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Mar 10 17:07:49 MSK 2023
The commit is pushed to "branch-rh7-3.10.0-1160.88.1.vz7.195.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.88.1.el7
------>
commit ca732337f647302afff7f2a0aae9138323a8d86b
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Fri Mar 10 16:42:04 2023 +0300
configs.minimal: Build a set of NFT modules
The reason of this commit is the incorrect commit
1818f06a5eaa ("netfilter: core: fix NAT hooks collision check").
This commit breaks the kernel build with the minimal config because
minimal config did not have any NFT modules enabled while
nf_tables_allow_nat_conflict() contains access to (struct net)->nft
field which is available only under
defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
The proper fix should be setting ifdefs of course,
but in any case even minimal config should better have NFT enabled
(surely as compiled-in).
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
configs/kernel-3.10.0-x86_64-minimal.config | 67 +++++++++++++++++++++++------
1 file changed, 53 insertions(+), 14 deletions(-)
diff --git a/configs/kernel-3.10.0-x86_64-minimal.config b/configs/kernel-3.10.0-x86_64-minimal.config
index 3e441be5da72..49b6f100812b 100644
--- a/configs/kernel-3.10.0-x86_64-minimal.config
+++ b/configs/kernel-3.10.0-x86_64-minimal.config
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.10.0-1127.10.1.ovz.162.2 Kernel Configuration
+# Linux/x86 3.10.0-1160.88.1.ovz7.194.6 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -934,8 +934,25 @@ CONFIG_NF_NAT_PROTO_SCTP=y
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
-# CONFIG_NF_NAT_REDIRECT is not set
-# CONFIG_NF_TABLES is not set
+CONFIG_NF_NAT_REDIRECT=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_INET=y
+CONFIG_NFT_EXTHDR=y
+CONFIG_NFT_META=y
+CONFIG_NFT_CT=y
+CONFIG_NFT_RBTREE=y
+CONFIG_NFT_HASH=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_MASQ=y
+CONFIG_NFT_REDIR=y
+CONFIG_NFT_NAT=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_REJECT_INET=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_FIB=y
+CONFIG_NFT_FIB_INET=y
CONFIG_NETFILTER_XTABLES=y
#
@@ -961,12 +978,12 @@ CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
CONFIG_NETFILTER_XT_NAT=y
-# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
-# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
@@ -1084,11 +1101,20 @@ CONFIG_IP_VS_NFCT=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
-# CONFIG_NF_DUP_IPV4 is not set
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
+CONFIG_NFT_REJECT_IPV4=y
+CONFIG_NFT_DUP_IPV4=y
+CONFIG_NFT_FIB_IPV4=y
+CONFIG_NF_TABLES_ARP=y
+CONFIG_NF_DUP_IPV4=y
# CONFIG_NF_LOG_IPV4 is not set
CONFIG_NF_REJECT_IPV4=y
CONFIG_NF_NAT_IPV4=y
-# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
+CONFIG_NFT_CHAIN_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_NFT_MASQ_IPV4=y
+CONFIG_NFT_REDIR_IPV4=y
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_IP_NF_IPTABLES=y
@@ -1101,9 +1127,9 @@ CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_IP_NF_NAT=y
-# CONFIG_IP_NF_TARGET_MASQUERADE is not set
-# CONFIG_IP_NF_TARGET_NETMAP is not set
-# CONFIG_IP_NF_TARGET_REDIRECT is not set
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_MANGLE=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
# CONFIG_IP_NF_TARGET_ECN is not set
@@ -1117,11 +1143,19 @@ CONFIG_VE_IP_NF_VZPRIVNET=m
#
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
-# CONFIG_NF_DUP_IPV6 is not set
+CONFIG_NF_TABLES_IPV6=y
+CONFIG_NFT_CHAIN_ROUTE_IPV6=y
+CONFIG_NFT_REJECT_IPV6=y
+CONFIG_NFT_DUP_IPV6=y
+CONFIG_NFT_FIB_IPV6=y
+CONFIG_NF_DUP_IPV6=y
CONFIG_NF_REJECT_IPV6=y
# CONFIG_NF_LOG_IPV6 is not set
CONFIG_NF_NAT_IPV6=y
-# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
+CONFIG_NFT_CHAIN_NAT_IPV6=y
+CONFIG_NF_NAT_MASQUERADE_IPV6=y
+CONFIG_NFT_MASQ_IPV6=y
+CONFIG_NFT_REDIR_IPV6=y
CONFIG_IP6_NF_IPTABLES=y
# CONFIG_IP6_NF_MATCH_AH is not set
# CONFIG_IP6_NF_MATCH_EUI64 is not set
@@ -1141,6 +1175,10 @@ CONFIG_IP6_NF_RAW=y
CONFIG_IP6_NF_NAT=y
# CONFIG_IP6_NF_TARGET_MASQUERADE is not set
# CONFIG_IP6_NF_TARGET_NPT is not set
+CONFIG_NF_TABLES_BRIDGE=y
+CONFIG_NFT_BRIDGE_META=y
+CONFIG_NFT_BRIDGE_REJECT=y
+CONFIG_NF_LOG_BRIDGE=y
CONFIG_BRIDGE_NF_EBTABLES=y
CONFIG_BRIDGE_EBT_BROUTE=y
CONFIG_BRIDGE_EBT_T_FILTER=y
@@ -1953,7 +1991,7 @@ CONFIG_ISDN=y
#
CONFIG_INPUT=y
CONFIG_INPUT_LEDS=y
-# CONFIG_INPUT_FF_MEMLESS is not set
+CONFIG_INPUT_FF_MEMLESS=y
# CONFIG_INPUT_POLLDEV is not set
# CONFIG_INPUT_SPARSEKMAP is not set
# CONFIG_INPUT_MATRIXKMAP is not set
@@ -3738,6 +3776,7 @@ CONFIG_EFI_VARS_PSTORE=y
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
CONFIG_EFI_RUNTIME_MAP=y
CONFIG_UEFI_CPER=y
+CONFIG_UEFI_CPER_X86=y
CONFIG_EFI_RUNTIME_WRAPPERS=y
# CONFIG_EFI_DEV_PATH_PARSER is not set
@@ -4059,7 +4098,7 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
# CONFIG_LATENCYTOP is not set
CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
-# CONFIG_PAGE_EXTENSION is not set
+CONFIG_PAGE_EXTENSION=y
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
More information about the Devel
mailing list