mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 21:11:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #649 from flatcar-linux/dongsu/kernel-remove-ip-conntrack-ipv4

Browse Source 
sys-kernel: remove blank kernel module nf-conntrack-ipv4
This commit is contained in:
Dongsu Park 2020-10-15 11:36:50 +02:00 committed by GitHub
commit 8cb9909d1e
4 changed files with 2 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-5.8.14.ebuild vendored
View File

@ -34,5 +34,4 @@ IUSE=""
UNIPATCH_LIST=" UNIPATCH_LIST="
${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
${PATCH_DIR}/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \ ${PATCH_DIR}/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch \
${PATCH_DIR}/z0003-net-netfilter-add-nf_conntrack_ipv4-compat-module-fo.patch \
" "

2
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/5.8/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch vendored
View File

@ -1,7 +1,7 @@
From b500ac62a04f6aede02e0ca8c9a4228b0ffc2828 Mon Sep 17 00:00:00 2001 From b500ac62a04f6aede02e0ca8c9a4228b0ffc2828 Mon Sep 17 00:00:00 2001
From: Vito Caputo <vito.caputo@coreos.com> From: Vito Caputo <vito.caputo@coreos.com>
Date: Wed, 25 Nov 2015 02:59:45 -0800 Date: Wed, 25 Nov 2015 02:59:45 -0800
Subject: [PATCH 1/3] kbuild: derive relative path for srctree from CURDIR Subject: [PATCH 1/2] kbuild: derive relative path for srctree from CURDIR
This enables relocating source and build trees to different roots, This enables relocating source and build trees to different roots,
provided they stay reachable relative to one another. Useful for provided they stay reachable relative to one another. Useful for

2
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/5.8/z0002-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch vendored
View File

@ -1,7 +1,7 @@
From d2559ba1a806f8d010d09807c2c0906181824626 Mon Sep 17 00:00:00 2001 From d2559ba1a806f8d010d09807c2c0906181824626 Mon Sep 17 00:00:00 2001
From: David Michael <david.michael@coreos.com> From: David Michael <david.michael@coreos.com>
Date: Thu, 8 Feb 2018 21:23:12 -0500 Date: Thu, 8 Feb 2018 21:23:12 -0500
Subject: [PATCH 2/3] tools/objtool/Makefile: Don't fail on fallthrough with Subject: [PATCH 2/2] tools/objtool/Makefile: Don't fail on fallthrough with
new GCCs new GCCs
--- ---

87
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/5.8/z0003-net-netfilter-add-nf_conntrack_ipv4-compat-module-fo.patch vendored
View File

@ -1,87 +0,0 @@
From ab2e2914cd297cd14a82fdbe6b709290bd9fe449 Mon Sep 17 00:00:00 2001
From: Benjamin Gilbert <bgilbert@redhat.com>
Date: Fri, 26 Oct 2018 17:00:56 -0700
Subject: [PATCH 3/3] net/netfilter: add nf_conntrack_ipv4 compat module for
kube-proxy
kube-proxy won't enable ipvs unless it can modprobe nf_conntrack_ipv4 and
find it in the list of loaded modules afterward. Thus an alias isn't
enough to maintain compatibility; we need an actual module.
---
net/netfilter/Kconfig | 8 ++++++++
net/netfilter/Makefile | 1 +
net/netfilter/nf_conntrack_ipv4.c | 31 +++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+)
create mode 100644 net/netfilter/nf_conntrack_ipv4.c
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 0ffe2b8723c4..522b1a6c9e7e 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -71,6 +71,14 @@ config NF_CONNTRACK
To compile it as a module, choose M here. If unsure, say N.
+config NF_CONNTRACK_IPV4_COMPAT
+ tristate "Netfilter connection tracking IPv4 compatibility module"
+ depends on NF_CONNTRACK
+ default NF_CONNTRACK
+ help
+ Compatibility nf_conntrack_ipv4 module that loads nf_conntrack.ko,
+ since kube-proxy cares about the names of loaded kernel modules.
+
config NF_LOG_COMMON
tristate
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 0e0ded87e27b..fb28e546187b 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_NETLINK_OSF) += nfnetlink_osf.o
# connection tracking
obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o
+obj-$(CONFIG_NF_CONNTRACK_IPV4_COMPAT) += nf_conntrack_ipv4.o
# netlink interface for nf_conntrack
obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o
diff --git a/net/netfilter/nf_conntrack_ipv4.c b/net/netfilter/nf_conntrack_ipv4.c
new file mode 100644
index 000000000000..8308772022c6
--- /dev/null
+++ b/net/netfilter/nf_conntrack_ipv4.c
@@ -0,0 +1,31 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Compatibility nf_conntrack_ipv4 module that depends on nf_conntrack
+ * to keep kube-proxy happy.
+ *
+ * Copyright (c) 2018 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include <linux/module.h>
+#include <linux/printk.h>
+#include <net/netfilter/nf_conntrack.h>
+
+unsigned int *pointer_to_nf_conntrack_data = &nf_conntrack_max;
+
+static int __init nf_conntrack_ipv4_init(void) {
+ pr_notice("nf_conntrack_ipv4: loaded compatibility alias for nf_conntrack\n");
+ return 0;
+}
+
+static void __exit nf_conntrack_ipv4_exit(void) {}
+
+module_init(nf_conntrack_ipv4_init);
+module_exit(nf_conntrack_ipv4_exit);
+
+MODULE_DESCRIPTION("kube-proxy compatibility wrapper for nf_conntrack.ko");
+MODULE_LICENSE("GPL");
--
2.26.2