| Message ID | 20240126201308.2903602-1-kuba@kernel.org |
|---|---|
| State | Accepted |
| Commit | 59c93583491ab15db109f9902524d241c4fa4c0b |
| Headers | show |
| Series | [net] selftests: net: add missing config for nftables-backed iptables | expand |
diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config index 413ab9abcf1b..ba56f231e109 100644 --- a/tools/testing/selftests/net/config +++ b/tools/testing/selftests/net/config @@ -59,6 +59,7 @@ CONFIG_NET_SCH_HTB=m CONFIG_NET_SCH_FQ=m CONFIG_NET_SCH_ETF=m CONFIG_NET_SCH_NETEM=y +CONFIG_NFT_COMPAT=m CONFIG_NF_FLOW_TABLE=m CONFIG_PSAMPLE=m CONFIG_TCP_MD5SIG=y
Modern OSes use iptables implementation with nf_tables as a backend, e.g.: $ iptables -V iptables v1.8.8 (nf_tables) Pablo points out that we need CONFIG_NFT_COMPAT to make that work, otherwise we see a lot of: Warning: Extension DNAT revision 0 not supported, missing kernel module? with DNAT being just an example here, other modules we need include udp, TTL, length etc. Signed-off-by: Jakub Kicinski <kuba@kernel.org> --- Location for new entry chosen based on `sort --version-sort`. CC: shuah@kernel.org CC: linux-kselftest@vger.kernel.org --- tools/testing/selftests/net/config | 1 + 1 file changed, 1 insertion(+)