www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 16 May 2025 14:12:13 +0000 (16:12 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 22 May 2025 15:16:02 +0000 (17:16 +0200)
commit	c38eb2973c18d34a8081d173a6ad298461f4a37c
tree	94b5961b91a265fc5e59fbf07d6c8b43a85bf828	tree
parent	d31c1cafc4a7b790f752f2816e275d14fcb9aeef	commit \| diff

netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds

Its now possible to build a kernel that has no support for the classic
xtables get/setsockopt interfaces and builtin tables.

In this case, we have CONFIG_IP6_NF_MANGLE=n and
CONFIG_IP_NF_ARPTABLES=n.

For optstript, the ipv6 code is so small that we can enable it if
netfilter ipv6 support exists. For mark, check if either classic
arptables or NFT_ARP_COMPAT is set.

Fixes: a9525c7f6219 ("netfilter: xtables: allow xtables-nft only builds")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/xt_TCPOPTSTRIP.c		diff \| blob \| history
net/netfilter/xt_mark.c		diff \| blob \| history