On 12.01.2011 22:08, Pablo Neira Ayuso wrote:
> On 12/01/11 21:57, Jan Engelhardt wrote:
>> On Wednesday 2011-01-12 20:48, Pablo Neira Ayuso wrote:
>>
>>> On 12/01/11 20:15, Valdis.Kletnieks@vt.edu wrote:
>>>> scripts/kconfig/conf --silentoldconfig Kconfig
>>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>>> warning: (NETFILTER_XT_MATCH_REALM) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
>>>
>>> Does this fix your problem?
>>>
>>
>> diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
>> index 1534f2b..ae56764 100644
>> --- a/net/netfilter/Kconfig
>> +++ b/net/netfilter/Kconfig
>> @@ -886,7 +886,8 @@ config NETFILTER_XT_MATCH_RATEEST
>>  config NETFILTER_XT_MATCH_REALM
>>  	tristate  '"realm" match support'
>>  	depends on NETFILTER_ADVANCED
>> -	select NET_CLS_ROUTE
>> +	depends on NET_SCHED
>> +	depends on NET_CLS_ROUTE
>>  	help
>>  	  This option adds a `realm' match, which allows you to use the realm
>>  	  key from the routing subsystem inside iptables.
>>
>>
>> This patch is not right. The select should just be removed, because
>> xt_realm is useful even without SCHED and CLS_ROUTE.
> 
> I wonder why NET_CLS_ROUTE has been there as dependency.
> 
> Then this patch should be fine.

This doesn't look correct to me. NET_CLS_ROUTE guards the tclassid
member of struct dst_entry, which is used by the realm match.

I have a patch to use a seperate define for the tclassid member
and have realm and cls_route select that. I'll add that one to
my tree after testing whether it still builds.