Commit dfee0e99 authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Pablo Neira Ayuso

netfilter: bridge: make NF_TABLES_BRIDGE tristate

The new nft_meta_bridge code fails to link as built-in when NF_TABLES
is a loadable module.

net/bridge/netfilter/nft_meta_bridge.o: In function `nft_meta_bridge_get_eval':
nft_meta_bridge.c:(.text+0x1e8): undefined reference to `nft_meta_get_eval'
net/bridge/netfilter/nft_meta_bridge.o: In function `nft_meta_bridge_get_init':
nft_meta_bridge.c:(.text+0x468): undefined reference to `nft_meta_get_init'
nft_meta_bridge.c:(.text+0x49c): undefined reference to `nft_parse_register'
nft_meta_bridge.c:(.text+0x4cc): undefined reference to `nft_validate_register_store'
net/bridge/netfilter/nft_meta_bridge.o: In function `nft_meta_bridge_module_exit':
nft_meta_bridge.c:(.exit.text+0x14): undefined reference to `nft_unregister_expr'
net/bridge/netfilter/nft_meta_bridge.o: In function `nft_meta_bridge_module_init':
nft_meta_bridge.c:(.init.text+0x14): undefined reference to `nft_register_expr'
net/bridge/netfilter/nft_meta_bridge.o:(.rodata+0x60): undefined reference to `nft_meta_get_dump'
net/bridge/netfilter/nft_meta_bridge.o:(.rodata+0x88): undefined reference to `nft_meta_set_eval'

This can happen because the NF_TABLES_BRIDGE dependency itself is just a
'bool'.  Make the symbol a 'tristate' instead so Kconfig can propagate the
dependencies correctly.

Fixes: 30e103fe ("netfilter: nft_meta: move bridge meta keys into nft_meta_bridge")
Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fc2f14f8
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
menuconfig NF_TABLES_BRIDGE menuconfig NF_TABLES_BRIDGE
depends on BRIDGE && NETFILTER && NF_TABLES depends on BRIDGE && NETFILTER && NF_TABLES
select NETFILTER_FAMILY_BRIDGE select NETFILTER_FAMILY_BRIDGE
bool "Ethernet Bridge nf_tables support" tristate "Ethernet Bridge nf_tables support"
if NF_TABLES_BRIDGE if NF_TABLES_BRIDGE
......
...@@ -193,7 +193,7 @@ static inline void nft_chain_filter_inet_init(void) {} ...@@ -193,7 +193,7 @@ static inline void nft_chain_filter_inet_init(void) {}
static inline void nft_chain_filter_inet_fini(void) {} static inline void nft_chain_filter_inet_fini(void) {}
#endif /* CONFIG_NF_TABLES_IPV6 */ #endif /* CONFIG_NF_TABLES_IPV6 */
#ifdef CONFIG_NF_TABLES_BRIDGE #if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE)
static unsigned int static unsigned int
nft_do_chain_bridge(void *priv, nft_do_chain_bridge(void *priv,
struct sk_buff *skb, struct sk_buff *skb,
......
...@@ -546,7 +546,7 @@ nft_meta_select_ops(const struct nft_ctx *ctx, ...@@ -546,7 +546,7 @@ nft_meta_select_ops(const struct nft_ctx *ctx,
if (tb[NFTA_META_DREG] && tb[NFTA_META_SREG]) if (tb[NFTA_META_DREG] && tb[NFTA_META_SREG])
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
#if defined(CONFIG_NF_TABLES_BRIDGE) && IS_MODULE(CONFIG_NFT_BRIDGE_META) #if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) && IS_MODULE(CONFIG_NFT_BRIDGE_META)
if (ctx->family == NFPROTO_BRIDGE) if (ctx->family == NFPROTO_BRIDGE)
return ERR_PTR(-EAGAIN); return ERR_PTR(-EAGAIN);
#endif #endif
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment