tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: fix missing dependencies for NETFILTER_XT_MATCH_CONNLABEL

It was possible to set NF_CONNTRACK=n and NF_CONNTRACK_LABELS=y via
NETFILTER_XT_MATCH_CONNLABEL=y.

warning: (NETFILTER_XT_MATCH_CONNLABEL) selects NF_CONNTRACK_LABELS which has
unmet direct dependencies (NET && INET && NETFILTER && NF_CONNTRACK)

Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 35612a22 27000929

+1
+1
net/netfilter/Kconfig
··· 860 860 config NETFILTER_XT_MATCH_CONNLABEL 861 861 tristate '"connlabel" match support' 862 862 select NF_CONNTRACK_LABELS 863 + depends on NF_CONNTRACK 863 864 depends on NETFILTER_ADVANCED 864 865 ---help--- 865 866 This match allows you to test and assign userspace-defined labels names