Bug 210539 - Unable to select NET_ACT_CONNMARK when IP_NF_IPTABLES not enabled
Status: NEW
Alias: None
Product: Networking
Classification: Unclassified
Component: Netfilter/Iptables
Hardware: All Linux
Importance: P1 enhancement
Assignee: networking_netfilter-iptables@kernel-bugs.osdl.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-07 19:39 UTC by Andreas Sundstrom
Modified: 2020-12-07 21:37 UTC

See Also:
Kernel Version: 5.9.12
Subsystem:
Regression: No
Bisected commit-id:


Attachments
Kernel config before editing Kconfig to allow NET_ACT_CONNMARK (74.94 KB, text/plain)
2020-12-07 19:39 UTC, Andreas Sundstrom

Description Andreas Sundstrom 2020-12-07 19:39:29 UTC
Created attachment 294025
Kernel config before editing Kconfig to allow NET_ACT_CONNMARK

I have disabled iptables in kernel config (only nftables enabled).
There is a dependency on IP_NF_IPTABLES for NET_ACT_CONNMARK.

I edited the Kconfig file and it compiles and works fine on my machine without IP_NF_IPTABLES.

Maybe the dependency should be changed in some way?

Here is what I did to make the module compile:
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index a3b37d88800e..4bb5c04b72d3 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -912,7 +912,7 @@ config NET_ACT_BPF
 
 config NET_ACT_CONNMARK
        tristate "Netfilter Connection Mark Retriever"
-       depends on NET_CLS_ACT && NETFILTER && IP_NF_IPTABLES
+       depends on NET_CLS_ACT && NETFILTER
        depends on NF_CONNTRACK && NF_CONNTRACK_MARK
        help
          Say Y here to allow retrieving of conn mark
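Review bot: The changed `depends on NET_CLS_ACT && NETFILTER` line drops IP_NF_IPTABLES with no changelog explaining why that is safe; the only evidence given is that it compiles and works on one machine with one configuration. For submission, add a commit message that says why the option does not need iptables beyond the conntrack requirements on the following `depends on NF_CONNTRACK && NF_CONNTRACK_MARK` line, list the configurations that were build-tested (IP_NF_IPTABLES unset, with NET_ACT_CONNMARK both built-in and modular, since it is a tristate), and include a Signed-off-by tag. The hunk as shown here is indented with spaces, so generate the patch with git format-patch rather than copying it from this page.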
Comment 1 Pablo Neira Ayuso 2020-12-07 21:37:36 UTC
IP_NF_IPTABLES is a superfluous dependency.

Would you mind submitting this patch to netfilter-devel@vger.kernel.org? Please also add your Signed-off-by: tag.

Thanks.
