lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Oct 2010 12:14:00 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	KOVACS Krisztian <hidden@...abit.hu>
Cc:	Patrick McHardy <kaber@...sh.net>, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org,
	Balazs Scheidler <bazsi@...abit.hu>,
	David Miller <davem@...emloft.net>
Subject: Re: [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a
 separate module

Le lundi 25 octobre 2010 à 11:38 +0200, KOVACS Krisztian a écrit :
> Hi,
> 
> On Fri, 2010-10-22 at 00:19 +0200, Eric Dumazet wrote:
> > Le jeudi 21 octobre 2010 à 16:04 +0200, Patrick McHardy a écrit :
> > > Am 21.10.2010 13:43, schrieb KOVACS Krisztian:
> > > > tproxy: split off ipv6 defragmentation to a separate module
> > > >     
> > > >     Like with IPv4, TProxy needs IPv6 defragmentation but does not
> > > >     require connection tracking. Since defragmentation was coupled
> > > >     with conntrack, I split off the two, creating an nf_defrag_ipv6 module,
> > > >     similar to the already existing nf_defrag_ipv4.
> > > 
> > > Applied, thanks.
> > 
> > Hmm...
> > 
> > CONFIG_IPV6=m
> > CONFIG_NETFILTER_TPROXY=m
> > 
> > 
> >   MODPOST 201 modules
> > ERROR: "nf_defrag_ipv6_enable" [net/netfilter/xt_TPROXY.ko] undefined!
> > ERROR: "ipv6_find_hdr" [net/netfilter/xt_TPROXY.ko] undefined!
> > 
> > Sorry, it's late here, I wont fix this ;)
> 
> Oops, I guess this is because you do have IPv6 support but don't have
> ip6tables enabled in your config. Does the patch below fix the issue for
> you? (For me it now compiles with and without IPv6 conntrack, ip6tables
> and IPv6 support, too.)
> 
> 

I had ip6tables enabled, but not CONFIG_NF_CONNTRACK_IPV6 ;)

> 
> netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY
> 
> One of the previous tproxy related patches split IPv6 defragmentation and
> connection tracking, but did not correctly add Kconfig stanzas to handle the
> new dependencies correctly. This patch fixes that by making the config options
> mirror the setup we have for IPv4: a distinct config option for defragmentation
> that is automatically selected by both connection tracking and
> xt_TPROXY/xt_socket.
> 
> The patch also changes the #ifdefs enclosing IPv6 specific code in xt_socket
> and xt_TPROXY: we only compile these in case we have ip6tables support enabled.
> 
> Signed-off-by: KOVACS Krisztian <hidden@...abit.hu>

Reported-and-tested-by: Eric Dumazet <eric.dumazet@...il.com>

Thanks !


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ