Modern OSes use iptables implementation with nf_tables as a backend, e.g.:
$ iptables -V iptables v1.8.8 (nf_tables)
Pablo points out that we need CONFIG_NFT_COMPAT to make that work, otherwise we see a lot of:
Warning: Extension DNAT revision 0 not supported, missing kernel module?
with DNAT being just an example here, other modules we need include udp, TTL, length etc.
Signed-off-by: Jakub Kicinski kuba@kernel.org --- Location for new entry chosen based on `sort --version-sort`.
CC: shuah@kernel.org CC: linux-kselftest@vger.kernel.org --- tools/testing/selftests/net/config | 1 + 1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config index 413ab9abcf1b..ba56f231e109 100644 --- a/tools/testing/selftests/net/config +++ b/tools/testing/selftests/net/config @@ -59,6 +59,7 @@ CONFIG_NET_SCH_HTB=m CONFIG_NET_SCH_FQ=m CONFIG_NET_SCH_ETF=m CONFIG_NET_SCH_NETEM=y +CONFIG_NFT_COMPAT=m CONFIG_NF_FLOW_TABLE=m CONFIG_PSAMPLE=m CONFIG_TCP_MD5SIG=y
Hello:
This patch was applied to netdev/net.git (main) by Jakub Kicinski kuba@kernel.org:
On Fri, 26 Jan 2024 12:13:08 -0800 you wrote:
Modern OSes use iptables implementation with nf_tables as a backend, e.g.:
$ iptables -V iptables v1.8.8 (nf_tables)
Pablo points out that we need CONFIG_NFT_COMPAT to make that work, otherwise we see a lot of:
[...]
Here is the summary with links: - [net] selftests: net: add missing config for nftables-backed iptables https://git.kernel.org/netdev/net/c/59c93583491a
You are awesome, thank you!
linux-kselftest-mirror@lists.linaro.org
-
Jakub Kicinski -
patchwork-bot+netdevbpf@kernel.org