diff options
| author | Florian Westphal <fw@strlen.de> | 2025-05-16 16:12:13 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-05-22 17:16:02 +0200 |
| commit | c38eb2973c18d34a8081d173a6ad298461f4a37c (patch) | |
| tree | 94b5961b91a265fc5e59fbf07d6c8b43a85bf828 /net/netfilter/xt_mark.c | |
| parent | selftests: netfilter: nft_concat_range.sh: add coverage for 4bit group repres... (diff) | |
| download | linux-c38eb2973c18d34a8081d173a6ad298461f4a37c.tar.gz linux-c38eb2973c18d34a8081d173a6ad298461f4a37c.zip | |
netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds
Its now possible to build a kernel that has no support for the classic
xtables get/setsockopt interfaces and builtin tables.
In this case, we have CONFIG_IP6_NF_MANGLE=n and
CONFIG_IP_NF_ARPTABLES=n.
For optstript, the ipv6 code is so small that we can enable it if
netfilter ipv6 support exists. For mark, check if either classic
arptables or NFT_ARP_COMPAT is set.
Fixes: a9525c7f6219 ("netfilter: xtables: allow xtables-nft only builds")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_mark.c')
| -rw-r--r-- | net/netfilter/xt_mark.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c index 65b965ca40ea..59b9d04400ca 100644 --- a/net/netfilter/xt_mark.c +++ b/net/netfilter/xt_mark.c @@ -48,7 +48,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = { .targetsize = sizeof(struct xt_mark_tginfo2), .me = THIS_MODULE, }, -#if IS_ENABLED(CONFIG_IP_NF_ARPTABLES) +#if IS_ENABLED(CONFIG_IP_NF_ARPTABLES) || IS_ENABLED(CONFIG_NFT_COMPAT_ARP) { .name = "MARK", .revision = 2, |