| View previous topic :: View next topic |
| Author |
Message |
Vieri
l33t
Joined: 18 Dec 2005
Posts: 907
|
 Posted: Mon Oct 02, 2017 7:39 pm Post subject: [SOLVED] Config_netfilter_xt_match_socket |
 |
|
Hi,
The latest kernel gentoo-sources do not seem to include CONFIG_NETFILTER_XT_MATCH_SOCKET. However, gentoo ebuilds such as Squid's rely on a check for CONFIG_NETFILTER_XT_MATCH_SOCKET.
I'm not sure if it's been removed by the kernel team, or simply renamed. I'm also worried that it's absence could undermine, for instance, Squid's features.
Last edited by Vieri on Mon Oct 02, 2017 8:33 pm; edited 1 time in total |
|
| Back to top |
|
 |
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 31461
Location: here
|
| Posted: Mon Oct 02, 2017 7:49 pm Post subject: |
|
|
You are sure? With a search in menuconfig I find
| Code: | Symbol: NETFILTER_XT_MATCH_SOCKET [=n]
Type : tristate
Prompt: "socket" match support
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
-> Core Netfilter Configuration
(1) -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
Defined at net/netfilter/Kconfig:1443
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NETFILTER_ADVANCED [=n] && (IPV6 [=y] || IPV6 [=y]=n) && (IP6_NF_IPTABLES [=y] || IP6_NF_IPTABLES [=y]=n) && NF_SOCKET_IPV4 [=n] && NF_SOCKET_IPV6 [=n]
Selects: NF_DEFRAG_IPV4 [=y] && NF_DEFRAG_IPV6 [=y] |
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
Vieri
l33t
Joined: 18 Dec 2005
Posts: 907
|
| Posted: Mon Oct 02, 2017 8:00 pm Post subject: |
|
|
| Are you using 4.12.12 gentoo sources? |
|
| Back to top |
|
|
fedeliallalinea
Administrator
Joined: 08 Mar 2003
Posts: 31461
Location: here
|
| Posted: Mon Oct 02, 2017 8:24 pm Post subject: |
|
|
| Vieri wrote: | | Are you using 4.12.12 gentoo sources? |
Yes, you have selected/deselected correct dependencies
| Code: | config NETFILTER_XT_MATCH_SOCKET
tristate '"socket" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED
depends on IPV6 || IPV6=n
depends on IP6_NF_IPTABLES || IP6_NF_IPTABLES=n
depends on NF_SOCKET_IPV4
depends on NF_SOCKET_IPV6
select NF_DEFRAG_IPV4
select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES != n |
_________________
Questions are guaranteed in life; Answers aren't. |
|
| Back to top |
|
|
Vieri
l33t
Joined: 18 Dec 2005
Posts: 907
|
| Posted: Mon Oct 02, 2017 8:32 pm Post subject: |
|
|
OK, thanks. I see the option now.
Great! |
|
| Back to top |
|
|
Chiitoo
Administrator
Joined: 28 Feb 2010
Posts: 2754
Location: Here and Away Again
|
| Posted: Tue Oct 03, 2017 8:26 am Post subject: |
|
|
Moved from Portage & Programming to Kernel & Hardware, as the topic seems to fit better here.
_________________
Kindest of regardses. |
|
| Back to top |
|
|
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND
|
| Posted: Mon Apr 23, 2018 12:58 pm Post subject: |
|
|
Do you guys know why does one needs IPV6 selected in order for this option to show up? I do not use IPV6 at all and it took me by surprise to have this option disappear after deselecting ipv6 in kernel.
If I read this right https://cateee.net/lkddb/web-lkddb/NETFILTER_XT_MATCH_SOCKET.html than both CONFIG_IPV6 && CONFIG_IP6_NF_IPTABLES are optional while CONFIG_NF_SOCKET_IPV6 is required and obviously available only when other two are also selected.
_________________
Sky is not the limit... |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23085
|
| Posted: Tue Apr 24, 2018 2:15 am Post subject: |
|
|
Posting a question in a long-solved thread is usually not a good approach. It's likely to be missed by people who ignore solved threads.
As I read the dependency information, it requires that IPv6 not be a module. You may have it builtin or disabled. If this is not your experience, please indicate which kernel version you used and how you came to the conclusion that IPv6=y is required for your use case. |
|
| Back to top |
|
|
ryszardzonk
Apprentice
Joined: 18 Dec 2003
Posts: 225
Location: Rzeszów, POLAND
|
| Posted: Sun May 27, 2018 6:46 am Post subject: |
|
|
Sorry for not checking back here for some time.
I am using kernel-4.14.44 and when I deselect CONFIG_IPV6 then CONFIG_NETFILTER_XT_MATCH_SOCKET is also removed. Using CONFIG_IPV6=m on the other hand works.
This is exactly what happens with CONFIG_IPV6=n.
| Code: | --- .config.old 2018-05-25 18:26:17.520579253 +0200
+++ .config 2018-05-27 08:39:29.345697190 +0200
@@ -834,31 +834,7 @@
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
-CONFIG_IPV6=m
-# CONFIG_IPV6_ROUTER_PREF is not set
-# CONFIG_IPV6_OPTIMISTIC_DAD is not set
-# CONFIG_INET6_AH is not set
-# CONFIG_INET6_ESP is not set
-# CONFIG_INET6_IPCOMP is not set
-# CONFIG_IPV6_MIP6 is not set
-# CONFIG_IPV6_ILA is not set
-# CONFIG_INET6_XFRM_TUNNEL is not set
-# CONFIG_INET6_TUNNEL is not set
-CONFIG_INET6_XFRM_MODE_TRANSPORT=m
-CONFIG_INET6_XFRM_MODE_TUNNEL=m
-CONFIG_INET6_XFRM_MODE_BEET=m
-# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
-# CONFIG_IPV6_VTI is not set
-CONFIG_IPV6_SIT=m
-# CONFIG_IPV6_SIT_6RD is not set
-CONFIG_IPV6_NDISC_NODETYPE=y
-# CONFIG_IPV6_TUNNEL is not set
-# CONFIG_IPV6_FOU is not set
-# CONFIG_IPV6_FOU_TUNNEL is not set
-# CONFIG_IPV6_MULTIPLE_TABLES is not set
-# CONFIG_IPV6_MROUTE is not set
-# CONFIG_IPV6_SEG6_LWTUNNEL is not set
-# CONFIG_IPV6_SEG6_HMAC is not set
+# CONFIG_IPV6 is not set
# CONFIG_NETWORK_SECMARK is not set
CONFIG_NET_PTP_CLASSIFY=y
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
@@ -988,7 +964,6 @@
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
CONFIG_NETFILTER_XT_MATCH_RECENT=m
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
-CONFIG_NETFILTER_XT_MATCH_SOCKET=m
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
@@ -1034,29 +1009,6 @@
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
-
-#
-# IPv6: Netfilter Configuration
-#
-CONFIG_NF_DEFRAG_IPV6=m
-# CONFIG_NF_CONNTRACK_IPV6 is not set
-CONFIG_NF_SOCKET_IPV6=m
-# CONFIG_NF_DUP_IPV6 is not set
-# CONFIG_NF_REJECT_IPV6 is not set
-CONFIG_NF_LOG_IPV6=m
-CONFIG_IP6_NF_IPTABLES=m
-# CONFIG_IP6_NF_MATCH_AH is not set
-# CONFIG_IP6_NF_MATCH_EUI64 is not set
-# CONFIG_IP6_NF_MATCH_FRAG is not set
-# CONFIG_IP6_NF_MATCH_OPTS is not set
-# CONFIG_IP6_NF_MATCH_HL is not set
-# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
-# CONFIG_IP6_NF_MATCH_MH is not set
-# CONFIG_IP6_NF_MATCH_RT is not set
-# CONFIG_IP6_NF_FILTER is not set
-# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
-# CONFIG_IP6_NF_MANGLE is not set
-# CONFIG_IP6_NF_RAW is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_RDS is not set
@@ -1076,7 +1028,6 @@
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_PHONET is not set
-# CONFIG_6LOWPAN is not set
# CONFIG_IEEE802154 is not set
CONFIG_NET_SCHED=y |
_________________
Sky is not the limit... |
|
| Back to top |
|
|
|
Kernel & Hardware
