From fcc6877c8b4802a58d3c346e1fd5fd708aa19b71 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 27 May 2020 21:56:02 +0200
Subject: [PATCH] gluon-core: build in xt_CT with GLUON_SPECIALIZE_KERNEL

xt_CT was added to kmod-ipt-conntrack a while back. Update our
GLUON_SPECIALIZE_KERNEL rules accordingly.

When building xt_CT into the kernel, one of the symbols IP_NF_RAW and
IP6_NF_RAW must be enabled as well, even though there is no runtime
dependency when building as modules. The kernel grows by less than 1KB
even when both IP_NF_RAW and NETFILTER_XT_TARGET_CT are enabled, making
this change a (very slight) net win in both flash and RAM usage.
---
 package/gluon-core/Config.in | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/package/gluon-core/Config.in b/package/gluon-core/Config.in
index 954651464..7c3ba6fcb 100644
--- a/package/gluon-core/Config.in
+++ b/package/gluon-core/Config.in
@@ -279,6 +279,16 @@ config KERNEL_NETFILTER_XT_MATCH_CONNTRACK
 	select KERNEL_NETFILTER_XTABLES
 	select KERNEL_NF_CONNTRACK
 
+config KERNEL_IP_NF_RAW
+	bool
+	select KERNEL_IP_NF_IPTABLES
+
+config KERNEL_NETFILTER_XT_TARGET_CT
+	bool
+	select KERNEL_NETFILTER_XTABLES
+	select KERNEL_NF_CONNTRACK
+	select KERNEL_IP_NF_RAW
+
 
 # kmod-ipt-nat
 
@@ -344,6 +354,7 @@ config GLUON_SPECIALIZE_KERNEL
 	select KERNEL_NETFILTER_XT_TARGET_TCPMSS
 	select KERNEL_NETFILTER_XT_MATCH_STATE
 	select KERNEL_NETFILTER_XT_MATCH_CONNTRACK
+	select KERNEL_NETFILTER_XT_TARGET_CT
 	select KERNEL_IP_NF_NAT
 	select KERNEL_IP_NF_TARGET_MASQUERADE
 	select KERNEL_IP_NF_TARGET_REDIRECT
-- 
GitLab