diff options
| author | Florian Westphal <[email protected]> | 2024-01-24 09:21:11 +0000 |
|---|---|---|
| committer | Florian Westphal <[email protected]> | 2024-01-29 14:43:21 +0000 |
| commit | a9525c7f6219cee9284c0031c5930e8d41384677 (patch) | |
| tree | 33ac522cfa5efa0aa3bdf50a8dd70b92ac446430 /net/unix/scm.c | |
| parent | netfilter: arptables: allow xtables-nft only builds (diff) | |
| download | kernel-a9525c7f6219cee9284c0031c5930e8d41384677.tar.gz kernel-a9525c7f6219cee9284c0031c5930e8d41384677.zip | |
netfilter: xtables: allow xtables-nft only builds
Add hidden IP(6)_NF_IPTABLES_LEGACY symbol.
When any of the "old" builtin tables are enabled the "old" iptables
interface will be supported.
To disable the old set/getsockopt interface the existing options
for the builtin tables need to be turned off:
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_SECURITY is not set
Same for CONFIG_IP6_NF_ variants.
This allows to build a kernel that only supports ip(6)tables-nft
(iptables-over-nftables api).
In the future the _LEGACY symbol will become visible and the select
statements will be turned into 'depends on', but for now be on safe side
so "make oldconfig" won't break things.
Signed-off-by: Florian Westphal <[email protected]>
Diffstat (limited to 'net/unix/scm.c')
0 files changed, 0 insertions, 0 deletions