domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw

Browse Source 
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This commit is contained in:
Rafał Miłecki
2023-02-09 13:29:37 +01:00
parent 6e555ac3ad
commit 3c66ac7e22
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
package/network/utils/iptables/Makefile
View File

@@ -150,7 +150,7 @@ Extra iptables nftables nft binaries.
endef endef
define Package/iptables-mod-conntrack-extra define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw) $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
TITLE:=Extra connection tracking extensions TITLE:=Extra connection tracking extensions
endef endef