netfilter: ebtables: allow xtables-nft only builds

Same patch as previous one, but for ebtables.

To build a kernel that only supports ebtables-nft, the builtin tables
need to be disabled, i.e.:

CONFIG_BRIDGE_EBT_BROUTE=n
CONFIG_BRIDGE_EBT_T_FILTER=n
CONFIG_BRIDGE_EBT_T_NAT=n

The ebtables specific extensions can then be used nftables'
NFT_COMPAT interface.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index 7f304a1..104c012 100644 (file)
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -39,6 +39,10 @@ config NF_CONNTRACK_BRIDGE
 
          To compile it as a module, choose M here.  If unsure, say N.
 
 
          To compile it as a module, choose M here.  If unsure, say N.
 

+# old sockopt interface and eval loop
+config BRIDGE_NF_EBTABLES_LEGACY
+       tristate
+

 menuconfig BRIDGE_NF_EBTABLES
        tristate "Ethernet Bridge tables (ebtables) support"
        depends on BRIDGE && NETFILTER && NETFILTER_XTABLES
 menuconfig BRIDGE_NF_EBTABLES
        tristate "Ethernet Bridge tables (ebtables) support"
        depends on BRIDGE && NETFILTER && NETFILTER_XTABLES


@@ -55,6 +59,7 @@ if BRIDGE_NF_EBTABLES
 #
 config BRIDGE_EBT_BROUTE
        tristate "ebt: broute table support"
 #
 config BRIDGE_EBT_BROUTE
        tristate "ebt: broute table support"

+       select BRIDGE_NF_EBTABLES_LEGACY

        help
          The ebtables broute table is used to define rules that decide between
          bridging and routing frames, giving Linux the functionality of a
        help
          The ebtables broute table is used to define rules that decide between
          bridging and routing frames, giving Linux the functionality of a


@@ -65,6 +70,7 @@ config BRIDGE_EBT_BROUTE
 
 config BRIDGE_EBT_T_FILTER
        tristate "ebt: filter table support"
 
 config BRIDGE_EBT_T_FILTER
        tristate "ebt: filter table support"

+       select BRIDGE_NF_EBTABLES_LEGACY

        help
          The ebtables filter table is used to define frame filtering rules at
          local input, forwarding and local output. See the man page for
        help
          The ebtables filter table is used to define frame filtering rules at
          local input, forwarding and local output. See the man page for


@@ -74,6 +80,7 @@ config BRIDGE_EBT_T_FILTER
 
 config BRIDGE_EBT_T_NAT
        tristate "ebt: nat table support"
 
 config BRIDGE_EBT_T_NAT
        tristate "ebt: nat table support"

+       select BRIDGE_NF_EBTABLES_LEGACY

        help
          The ebtables nat table is used to define rules that alter the MAC
          source address (MAC SNAT) or the MAC destination address (MAC DNAT).
        help
          The ebtables nat table is used to define rules that alter the MAC
          source address (MAC SNAT) or the MAC destination address (MAC DNAT).

diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile
index 1c9ce49..b9a1303 100644 (file)
--- a/net/bridge/netfilter/Makefile
+++ b/net/bridge/netfilter/Makefile
@@ -9,7 +9,7 @@ obj-$(CONFIG_NFT_BRIDGE_REJECT)  += nft_reject_bridge.o
 # connection tracking
 obj-$(CONFIG_NF_CONNTRACK_BRIDGE) += nf_conntrack_bridge.o
 
 # connection tracking
 obj-$(CONFIG_NF_CONNTRACK_BRIDGE) += nf_conntrack_bridge.o
 

-obj-$(CONFIG_BRIDGE_NF_EBTABLES) += ebtables.o
+obj-$(CONFIG_BRIDGE_NF_EBTABLES_LEGACY) += ebtables.o

 
 # tables
 obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o
 
 # tables
 obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o