lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4D2EE370.3090001@trash.net>
Date:	Thu, 13 Jan 2011 12:35:12 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Pablo Neira Ayuso <pablo@...filter.org>
CC:	Jan Engelhardt <jengelh@...ozas.de>, Valdis.Kletnieks@...edu,
	"David S. Miller" <davem@...emloft.net>,
	linux-kernel@...r.kernel.org, netfilter-devel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: XT_MATCH_REALM Kconfig whinge...

On 12.01.2011 22:08, Pablo Neira Ayuso wrote:
> On 12/01/11 21:57, Jan Engelhardt wrote:
>> On Wednesday 2011-01-12 20:48, Pablo Neira Ayuso wrote:
>>
>>> On 12/01/11 20:15, Valdis.Kletnieks@...edu wrote:
>>>> scripts/kconfig/conf --silentoldconfig Kconfig
>>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>>
>>> Does this fix your problem?
>>>
>>
>> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
>> index 1534f2b..ae56764 100644
>> --- a/net/netfilter/Kconfig
>> +++ b/net/netfilter/Kconfig
>> @@ -886,7 +886,8 @@ config NETFILTER_XT_MATCH_RATEEST
>>  config NETFILTER_XT_MATCH_REALM
>>  	tristate  '"realm" match support'
>>  	depends on NETFILTER_ADVANCED
>> -	select NET_CLS_ROUTE
>> +	depends on NET_SCHED
>> +	depends on NET_CLS_ROUTE
>>  	help
>>  	  This option adds a `realm' match, which allows you to use the realm
>>  	  key from the routing subsystem inside iptables.
>>
>>
>> This patch is not right. The select should just be removed, because
>> xt_realm is useful even without SCHED and CLS_ROUTE.
> 
> I wonder why NET_CLS_ROUTE has been there as dependency.
> 
> Then this patch should be fine.

This doesn't look correct to me. NET_CLS_ROUTE guards the tclassid
member of struct dst_entry, which is used by the realm match.

I have a patch to use a seperate define for the tclassid member
and have realm and cls_route select that. I'll add that one to
my tree after testing whether it still builds.

View attachment "x" of type "text/plain" (12102 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ