Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> wrote:
> > A small subset of this patch has been upstreamed
> > c38eb2973c18 ("netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds").
> >
> > My plan was to zap some of the backwards-compat kconfig
> > knobs that we have and update various selftest config files,
> > then rebase this and retry.
>
> Anything that I can help with?
So some of the problems with CI pipelines are caused by 'config'
settings having something like:
IP_NF_TARGET_TTL=m
... but if you look at net/ipv4/netfilter/Kconfig this is:
config IP_NF_TARGET_TTL
tristate '"TTL" target support'
depends on NETFILTER_ADVANCED && IP_NF_MANGLE
select NETFILTER_XT_TARGET_HL
help
This is a backwards-compatible option for the user's convenience
(e.g. when running oldconfig). It selects
CONFIG_NETFILTER_XT_TARGET_HL.
... and that doesn't do anything anymore due to IP_NF_MANGLE dependency
(thats a legacy thing, so it will be off).
So my plan was to zap those old backwards hints first and update
the configs to make sure none of the old symbols remain.
OTOH one could just add the correct config settings.
I need to re-test but the attached updated patch should not omit any
of the required features even with legacy=n at least for the net ci.
I suspect that it would make sense to split the config tweaks into
a distinct patch, however.
If you have cycles please feel free to work on it, I can most likey
not get back to it until 2nd week of July.
