[PATCH v2] netfilter: remove no-op kconfig symbols

Hauke Mehrtens hauke at hauke-m.de
Sat Apr 17 17:14:50 BST 2021 

On 4/9/21 5:48 PM, Rui Salvaterra wrote:
> These have long been obsolete. For reference, here's the Linux version where
> each symbol has been dropped:
> 
> CONFIG_IP6_NF_QUEUE - 3.5
> CONFIG_IP6_NF_TARGET_LOG - 3.4
> CONFIG_IP_NF_MATCH_DSCP - 2.6.19
> CONFIG_NF_CONNTRACK_IPV4 - 4.19
> CONFIG_NF_CONNTRACK_IPV6 - 4.19
> CONFIG_NF_CONNTRACK_RTCACHE - OOT, superseded upstream by flow offloading
> 
> Signed-off-by: Rui Salvaterra <rsalvaterra at gmail.com>
> ---
> v2: also removed CONFIG_NF_CONNTRACK_RTCACHE and two references to
> CONFIG_NF_CONNTRACK_IPV4 in the WireGuard patches (the QEMU kconfigs).
> 
>   include/netfilter.mk                                        | 6 ------
>   ...reguard-selftests-import-harness-makefile-for-test.patch | 3 +--
>   ...reguard-selftests-check-that-route_me_harder-packe.patch | 3 +--
>   target/linux/generic/config-5.10                            | 2 --
>   target/linux/generic/config-5.4                             | 2 --
>   5 files changed, 2 insertions(+), 14 deletions(-)
> 
> diff --git a/include/netfilter.mk b/include/netfilter.mk
> index 45e9dadf85..803749d931 100644
> --- a/include/netfilter.mk
> +++ b/include/netfilter.mk
> @@ -64,9 +64,7 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT)
>   
>   # kernel only
>   $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_RTCACHE, $(P_XT)nf_conntrack_rtcache),))

This is still uses with a path on top of kernel 5.4 in OpenWrt.

>   $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),))
> -$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
>   
>   $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
>   $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
> @@ -120,7 +118,6 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_st

.....

>   
>   # ipv6 extra
> diff --git a/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch b/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
> index ca3853aa19..bc3d1edeb6 100644
> --- a/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
> +++ b/target/linux/generic/backport-5.4/080-wireguard-0073-wireguard-selftests-import-harness-makefile-for-test.patch
> @@ -989,7 +989,7 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
>   +}
>   --- /dev/null
>   +++ b/tools/testing/selftests/wireguard/qemu/kernel.config
> -@@ -0,0 +1,86 @@
> +@@ -0,0 +1,85 @@
>   +CONFIG_LOCALVERSION=""
>   +CONFIG_NET=y
>   +CONFIG_NETDEVICES=y
> @@ -1010,7 +1010,6 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
>   +CONFIG_NETFILTER_XTABLES=y
>   +CONFIG_NETFILTER_XT_NAT=y
>   +CONFIG_NETFILTER_XT_MATCH_LENGTH=y
> -+CONFIG_NF_CONNTRACK_IPV4=y

This is part of the original patch we backport, so it should stay here.

>   +CONFIG_NF_NAT_IPV4=y
>   +CONFIG_IP_NF_IPTABLES=y
>   +CONFIG_IP_NF_FILTER=y

More information about the openwrt-devel mailing list