lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4D2E183C.4070908@netfilter.org>
Date:	Wed, 12 Jan 2011 22:08:12 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Jan Engelhardt <jengelh@...ozas.de>
CC:	Valdis.Kletnieks@...edu, Patrick McHardy <kaber@...sh.net>,
	"David S. Miller" <davem@...emloft.net>,
	linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: XT_MATCH_REALM Kconfig whinge...

On 12/01/11 21:57, Jan Engelhardt wrote:
> On Wednesday 2011-01-12 20:48, Pablo Neira Ayuso wrote:
> 
>> On 12/01/11 20:15, Valdis.Kletnieks@...edu wrote:
>>> scripts/kconfig/conf --silentoldconfig Kconfig
>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>
>> Does this fix your problem?
>>
> 
> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
> index 1534f2b..ae56764 100644
> --- a/net/netfilter/Kconfig
> +++ b/net/netfilter/Kconfig
> @@ -886,7 +886,8 @@ config NETFILTER_XT_MATCH_RATEEST
>  config NETFILTER_XT_MATCH_REALM
>  	tristate  '"realm" match support'
>  	depends on NETFILTER_ADVANCED
> -	select NET_CLS_ROUTE
> +	depends on NET_SCHED
> +	depends on NET_CLS_ROUTE
>  	help
>  	  This option adds a `realm' match, which allows you to use the realm
>  	  key from the routing subsystem inside iptables.
> 
> 
> This patch is not right. The select should just be removed, because
> xt_realm is useful even without SCHED and CLS_ROUTE.

I wonder why NET_CLS_ROUTE has been there as dependency.

Then this patch should be fine.



View attachment "realm.patch" of type "text/x-patch" (1137 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ