Re: [PATCH v2] net: netfilter: Fix undefined reference to nf_nat_redirect_* functions

From: Pablo Neira Ayuso
Date: Wed Nov 26 2014 - 06:23:24 EST

Next message: Marc Zyngier: "Re: [PATCH v11 1/2] irqchip: gicv2m: Add support for ARM GICv2m MSI(-X) doorbell"
Previous message: Mark Brown: "Re: [PATCH 1/2] ASoC: rt5677: Add ACPI device probing"
In reply to: Andreas Ruprecht: "Re: [PATCH v2] net: netfilter: Fix undefined reference to nf_nat_redirect_* functions"
Next in thread: Florian Westphal: "Re: [PATCH v2] net: netfilter: Fix undefined reference to nf_nat_redirect_* functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 26, 2014 at 11:33:19AM +0100, Andreas Ruprecht wrote:
> Sure.
>
> When the file is compiled, i.e. CONFIG_NETFILTER_XT_TARGET_REDIRECT is
> selected, all headers will be included and all functions inside the file
> will be compiled, regardless of other Kconfig options.
>
> This means redirect_tg6 and redirect_tg4 will be compiled (which doesn't
> necessarily mean they will be _called_) but the linker needs to resolve
> nf_nat_redirect_ipv4() due to the compilation of the redirect_tg4()
> function.
>
> nf_nat_redirect_ip4() is defined in
> net/ipv4/netfilter/nf_nat_redirect_ipv4.c but this file is only included
> into the build when CONFIG_NF_NAT_REDIRECT_IPV4 is enabled.
>
> Now when a kernel config enables CONFIG_NETFILTER_XT_TARGET_REDIRECT but
> _not_ CONFIG_NF_NAT_REDIRECT_IPV4, the declaration of
> nf_nat_redirect_ipv4() from the header
> <net/netfilter/ipv4/nf_nat_redirect.h> will have no definition (i.e., no
> implementation), causing the linker to report an "undefined reference".
>
> Same logic goes for nf_nat_redirect_ipv6().

I'd suggest alternatives to resolve this problem:

1) Split xt_REDIRECT into ipt_REDIRECT and ip6t_REDIRECT, so we
restore the state of how this was back in 2012. The main motivation
behind that change was to reduce memory consumption by combining both
modules. In other modules, these combinations have been causing us
problems specifically when IPv6 symbols are used and it's not that
clean since IPv6 specific code remains there unused in the module even
if CONFIG_IPV6=n.

2) Merge nf_nat_redirect_ipv4 and nf_nat_redirect_ipv6 into
nf_nat_redirect, so we inconditionally build IPv6 redirect code, thus
xt_REDIRECT always finds the IPv6 symbol that needs even if it doesn't
use it.

3) Add #ifdef to xt_REDIRECT.c to make IPv6 specific code, this should
be a simple and small patch, but it results in #ifdef pollution.

Comments?

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marc Zyngier: "Re: [PATCH v11 1/2] irqchip: gicv2m: Add support for ARM GICv2m MSI(-X) doorbell"
Previous message: Mark Brown: "Re: [PATCH 1/2] ASoC: rt5677: Add ACPI device probing"
In reply to: Andreas Ruprecht: "Re: [PATCH v2] net: netfilter: Fix undefined reference to nf_nat_redirect_* functions"
Next in thread: Florian Westphal: "Re: [PATCH v2] net: netfilter: Fix undefined reference to nf_nat_redirect_* functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]