| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Jul 2007 22:05:07 +0300 From: Al Boldi <a1426z@...ab.com> To: Patrick McHardy <kaber@...sh.net> Cc: Sam Ravnborg <sam@...nborg.org>, netdev@...r.kernel.org, linux-net@...r.kernel.org, David Miller <davem@...emloft.net>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] Netfilter Kconfig: Expose IPv4/6 connection tracking options by selecting NF_CONNTRACK Patrick McHardy wrote: > Al Boldi wrote: > > Patrick McHardy wrote: > >>But I vaguely recall having tried this myself and it broke somewhere, > >>maybe it was because of the NF_CONNTRACK_ENABLED option, I can't > >>recall anymore. Al, if this also works without removal of > >>NF_CONNTRACK_ENABLED, please resend without that part. > > > > It doesn't. But how about this, if you really can't live without > > NF_CONNTRACK_ENBLED: > > > > ================== > > --- Kconfig.old 2007-07-09 06:38:52.000000000 +0300 > > +++ Kconfig 2007-07-24 20:24:27.000000000 +0300 > > @@ -25,8 +25,7 @@ config NETFILTER_NETLINK_LOG > > and is also scheduled to replace the old syslog-based ipt_LOG > > and ip6t_LOG modules. > > > > -# Rename this to NF_CONNTRACK in a 2.6.25 > > -config NF_CONNTRACK_ENABLED > > +config NF_CONNTRACK > > tristate "Netfilter connection tracking support" > > help > > Connection tracking keeps a record of what packets have passed > > @@ -40,9 +39,9 @@ config NF_CONNTRACK_ENABLED > > > > To compile it as a module, choose M here. If unsure, say N. > > > > -config NF_CONNTRACK > > +config NF_CONNTRACK_ENABLED > > tristate > > - default NF_CONNTRACK_ENABLED > > + default NF_CONNTRACK > > > > config NF_CT_ACCT > > bool "Connection tracking flow accounting" > > That defeats the only purpose why we kept it. I'm not sure how this would defeat the only purpose. Isn't the purpose of this to alias NF_CONNTRACK_ENABLED to NF_CONNTRACK? And as such would yield the same result. Also, we could leave this as is, and select NF_CONNTRACK_ENABLED instead of NF_CONNTRACK. Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists