[Bridge] [PATCH 1/1] superfluous skb->nfct check in br_nf_dev_queue_xmit

Vasily Averin vvs at parallels.com
Mon Apr 28 14:25:22 UTC 2014


>> Therefore I believe that my patch is still correct, however now I think we also need 
>> to remove #if IS_ENABLED(CONFIG_NF_CONNTRACK_IPV4) in br_nf_dev_queue_xmit().
> 
> I don't think so, DEFRAG_IPV4 is dependency glue, so it shouldn't be
> possible to build kernel with CONNTRACK_IPV4=n and DEFRAG_IPV4=(m|y).

Could you please explain, why this #ifdef is required?

I'm going to remove this #ifdef because it was added together with nfct check.

Also I believe you are wrong with dependencies:
NF_CONNTRACK_IPV4 forces NF_DEFRAG_IPV4, not vice versa

net/ipv4/netfilter/Kconfig
config NF_DEFRAG_IPV4
        tristate
        default n

config NF_CONNTRACK_IPV4
        tristate "IPv4 connection tracking support (required for NAT)"
        depends on NF_CONNTRACK
        default m if NETFILTER_ADVANCED=n
        select NF_DEFRAG_IPV4




More information about the Bridge mailing list