Skip to content

armbian build machinery - force all iptables/nftables to be built #8661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 27, 2025
Merged

armbian build machinery - force all iptables/nftables to be built #8661

merged 1 commit into from
Sep 27, 2025

Conversation

tabrisnet
Copy link

@tabrisnet tabrisnet commented Sep 22, 2025
edited
Loading

Description

Rather than just modify armbian_kernel_config__enable_docker_support to make modules instead of built-ins, just build all iptables/nftables modules as modules.
Also yanks the iptables/nftables kernel_config_set_m or kernel_config_set_y from armbian_kernel_config__enable_docker_support

this is an alternative to #8658

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

  • built kernels for nanopim4v2, tritium-h3, rock-5-itx, bananapir4, pine64so, orangepizero2
  • [ ]

Checklist:

Please delete options that are not relevant.

  • [?] My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas

@github-actions github-actions bot added 11 Milestone: Fourth quarter release size/medium PR with more then 50 and less then 250 lines labels Sep 22, 2025
@tabrisnet tabrisnet added Work in progress Unfinished / work in progress and removed 11 Milestone: Fourth quarter release size/medium PR with more then 50 and less then 250 lines labels Sep 22, 2025
@github-actions github-actions bot added Needs review Seeking for review Framework Framework components labels Sep 22, 2025
@tabrisnet tabrisnet added the 11 Milestone: Fourth quarter release label Sep 22, 2025
@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from fb0f87c to 4601a22 Compare September 22, 2025 01:05
@github-actions github-actions bot added the size/medium PR with more then 50 and less then 250 lines label Sep 22, 2025
@tabrisnet tabrisnet mentioned this pull request Sep 22, 2025
Draft
2 tasks
@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 4601a22 to 89a3a5f Compare September 22, 2025 12:37
@tabrisnet tabrisnet marked this pull request as ready for review September 22, 2025 15:35
@tabrisnet tabrisnet requested a review from a team as a code owner September 22, 2025 15:35
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 22, 2025
edited
Loading

Walkthrough

Added a new public function armbian_kernel_config__select_nftables() in lib/functions/compilation/armbian-kernel.sh that, when a .config exists, enables a large set of nftables/netfilter, iptables, conntrack, NAT, bridge and related kernel options (mostly as modules). Many NF_TABLES-/netfilter-related options previously enabled in armbian_kernel_config__enable_docker_support() were removed from that function, centralizing nftables/netfilter selection in the new function.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • allow BTRFS to be built as module #8561 — Also modifies armbian_kernel_config__enable_docker_support() in lib/functions/compilation/armbian-kernel.sh; likely overlaps in kernel config option handling.

Suggested labels

size/medium

Suggested reviewers

  • EvilOlaf
  • chraac
  • rpardini
  • leggewie
  • AGM1968
  • teknoid

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title succinctly highlights the primary change—updating the Armbian build machinery to force iptables and nftables components to be built—making it clear and directly related to the changeset.
Description Check ✅ Passed The description clearly outlines the changes to build all iptables and nftables modules, the removal of related settings from the Docker support function, and the testing performed, making it directly relevant to the changeset.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 89a3a5f to 2b0825a Compare September 22, 2025 15:36
@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 2b0825a to fddb8fc Compare September 22, 2025 16:41
@github-actions github-actions bot added size/large PR with 250 lines or more and removed size/medium PR with more then 50 and less then 250 lines labels Sep 22, 2025
coderabbitai[bot]
coderabbitai bot reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (6)
lib/functions/compilation/armbian-kernel.sh (6)

232-236: IP_NF_SECURITY should be a module if tristate (to honor “force modules”)

If CONFIG_IP_NF_SECURITY is tristate on your target kernels, setting it to built‑in contradicts the PR goal.

-		kernel_config_set_y IP_NF_SECURITY                  # Enables security features for IPv4 netfilter
+		kernel_config_set_m IP_NF_SECURITY                  # Prefer module if tristate; leave =y only if boolean

If some vendor trees expose IP_NF_SECURITY as boolean, keep =y there. Verify across your supported kernel families (LTS 6.1/6.6, vendor 5.10/5.15). I can script a check against Kconfig if you provide the source paths.

235-235: Duplicate NETFILTER_ADVANCED assignment

NETFILTER_ADVANCED is set twice (=y). Drop one to reduce noise.

-		kernel_config_set_y NETFILTER_ADVANCED              # Enables advanced netfilter options
@@
-		kernel_config_set_y NETFILTER_ADVANCED              # Enables advanced netfilter options

Also applies to: 330-331

204-206: *Enabling both _LEGACY and non-legacy iptables: confirm intent or gate behind a switch

You enable IP6_NF_IPTABLES and IP6_NF_IPTABLES_LEGACY (and the IPv4 counterparts). That pulls in both xtables legacy and modern stacks. If the goal is “always available,” fine; otherwise, consider a build flag (e.g., KERNEL_IPTABLES_LEGACY=yes) or restrict to nft + xtables-nft compat.

I can add a simple guard (env var + linux-version checks) if desired.

Also applies to: 225-227

200-392: Reduce maintenance risk: define arrays and loop vs. 190+ imperative calls

The long series of kernel_config_set_m/_y calls is hard to diff and easy to diverge across branches. Consider arrays grouped by intent (core booleans ‘=y’, tri‑states ‘=m’) and loop over them. This also makes it trivial to feed kernel_config_modifying_hashes in one place.

I can provide a refactor patch that:

  • declares module_symbols=(…)
  • declares builtin_symbols=(…)
  • appends representative hashes
  • iterates to apply when .config exists

202-202: BRIDGE_NETFILTER set in both select_nftables and enable_docker_support

To keep boundaries clear (PR says docker path no longer mutates iptables/nftables), remove the duplicate from docker support.

-		kernel_config_set_m BRIDGE_NETFILTER                # Enables netfilter support for the bridge

Also applies to: 414-415

236-237: Comment mismatch: NETFILTER_BPF_LINK is not “BPF_SYSCALL”

The inline comment “# BPF_SYSCALL” next to NETFILTER_BPF_LINK is misleading. NETFILTER_BPF_LINK enables attaching BPF programs to netfilter hooks; BPF_SYSCALL is separate and already enabled elsewhere.

-		kernel_config_set_y NETFILTER_BPF_LINK              # BPF_SYSCALL
+		kernel_config_set_y NETFILTER_BPF_LINK              # BPF link support for netfilter hooks
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between fddb8fc and 7b0d197.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (7)
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
🔇 Additional comments (2)
lib/functions/compilation/armbian-kernel.sh (2)

332-339: NF_TABLES_ family options set to =y: verify they’re boolean-only*

NF_TABLES_INET/IPV4/IPV6/NETDEV (and ARP) are typically boolean feature toggles under NF_TABLES. If any are tristate in your kernels, flip them to =m to stay consistent with “force modules.”

I can generate a script to scan Kconfig across your supported kernel sources to validate tristate vs. boolean and emit a safe map.

354-357: Potentially invalid/renamed symbol: NFT_COMPAT_ARP

Please verify NFT_COMPAT_ARP exists in all targeted kernels. If it’s not present (or renamed), scripts/config will inject unknown symbols and later olddefconfig will drop them, causing noisy logs.

Would you like a checker that greps Kconfig for every symbol in this function and reports unknowns by kernel family?

@tabrisnet
Copy link
Author

Actionable comments posted: 2
🧹 Nitpick comments (6)

@coderabbitai

236-237: Comment mismatch: NETFILTER_BPF_LINK is not “BPF_SYSCALL”
The inline comment “# BPF_SYSCALL” next to NETFILTER_BPF_LINK is misleading. NETFILTER_BPF_LINK enables attaching BPF programs to netfilter hooks; BPF_SYSCALL is separate and already enabled elsewhere.

-		kernel_config_set_y NETFILTER_BPF_LINK              # BPF_SYSCALL
+		kernel_config_set_y NETFILTER_BPF_LINK              # BPF link support for netfilter hooks

I'll look into this. but fwiw I didn't write these comments manually but rather pulled them from
the various Kconfig entries, using the text after bool, tristate or def_bool
specifically NETFILTER_BPF_LINK

I may have misunderstood the semantics of def_bool's text parameter.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 22, 2025

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

I understand your approach of pulling comments from Kconfig entries! Let me examine the actual Kconfig definition to clarify the def_bool semantics.

@tabrisnet You're absolutely right about the source of the comment! Looking at the Kconfig definition, the confusion comes from how def_bool works.

In Kconfig syntax:

  • def_bool BPF_SYSCALL means "default to bool, with the default value determined by the BPF_SYSCALL config option"
  • The text after def_bool is actually a dependency/default condition, not a description

So def_bool BPF_SYSCALL means:

  • This is a boolean option
  • Its default value follows the state of CONFIG_BPF_SYSCALL
  • If BPF_SYSCALL=y, then NETFILTER_BPF_LINK defaults to y

This explains why your automated comment extraction picked up "BPF_SYSCALL" - it's technically the default value expression, not the feature description. The actual feature description would typically be in a separate help section or sometimes absent in simple entries.

Your approach of automated comment generation from Kconfig is clever, but for def_bool/def_tristate entries, you might want to:

  1. Use the help text if available, or
  2. Create a descriptive comment based on the config name itself
  3. Skip the dependency expression part

The suggested change to "BPF link support for netfilter hooks" is more descriptive of what the feature actually does, even though "BPF_SYSCALL" is technically what the Kconfig contains.

🏁 Script executed:

#!/bin/bash
# Let's look at the NETFILTER_BPF_LINK Kconfig definition from the Linux kernel
curl -s "https://raw.githubusercontent.com/torvalds/linux/master/net/netfilter/Kconfig" | grep -A 10 -B 2 "NETFILTER_BPF_LINK"

Length of output: 328

Perfect! Now I can see exactly what happened. The Kconfig definition confirms your understanding:

config NETFILTER_BPF_LINK
	def_bool BPF_SYSCALL

Your automated comment extraction was technically correct from a Kconfig parsing perspective. You extracted "BPF_SYSCALL" because that's literally what follows def_bool. However, this creates a misleading comment because:

  1. What def_bool BPF_SYSCALL actually means: "This boolean option defaults to the same value as the BPF_SYSCALL configuration option"
  2. What the comment implies: "This option is BPF_SYSCALL" (which is incorrect)

The issue is that NETFILTER_BPF_LINK has no descriptive text in its Kconfig entry - just the dependency/default relationship. This is common for simple "glue" configuration options.

For your automated comment generation, you might want to handle def_bool/def_tristate entries differently:

# Instead of using the dependency as a comment:
kernel_config_set_y NETFILTER_BPF_LINK              # BPF_SYSCALL

# Consider these alternatives:
kernel_config_set_y NETFILTER_BPF_LINK              # depends on BPF_SYSCALL
kernel_config_set_y NETFILTER_BPF_LINK              # netfilter BPF link support
# or simply:
kernel_config_set_y NETFILTER_BPF_LINK

Your approach of automated extraction is smart - it just needs a small tweak to handle the semantic difference between descriptions and dependencies in Kconfig files.

  (\   /)
 ( ._. )
o_("_")("_")  *thinking rabbit*
✏️ Learnings added 
Learnt from: tabrisnet
URL: https://github.com/armbian/build/pull/8661

Timestamp: 2025-09-22T22:08:54.215Z
Learning: When extracting comments from Linux Kconfig files, def_bool and def_tristate entries use their parameter as a dependency/default condition, not as a feature description. Comments should be generated differently for these entry types to avoid misleading inline documentation.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai[bot]
coderabbitai bot reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
lib/functions/compilation/armbian-kernel.sh (1)

194-201: Intent mismatch: function preserves existing =y; PR title says “force modules”

Using kernel_config_set_m intentionally keeps existing built-ins. Decide and document: either

  • Clarify comment to “prefer modules; keep existing =y”, or
  • Implement a “force to =m” helper and use it here.

Apply this minimal comment fix if “prefer modules” is intended:

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
+# Prefer modules for almost all IPTABLES/NFTABLES (preserve existing =y).
+# No particular modules are intentionally excluded; may not be 100% exhaustive.
+# Useful split from docker support path.

If you do want to coerce =y→=m, I can provide a safe helper that toggles through =n then =m only for tristates and leaves booleans alone. Do you want that?

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7b0d197 and 163454e.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (16)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:59:36.311Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🔇 Additional comments (1)
lib/functions/compilation/armbian-kernel.sh (1)

235-235: Good fix: clearer NETFILTER_BPF_LINK comment

The new inline text reflects intent and avoids “def_bool BPF_SYSCALL” confusion. LGTM.

coderabbitai[bot]
coderabbitai bot reviewed Sep 22, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (6)
lib/functions/compilation/armbian-kernel.sh (6)

194-199: Reword header to reflect “prefer modules; booleans stay y” and call out unavoidable bools

Title/goal says “force as modules,” but implementation preserves existing =y and several nf_tables children are bool-only. Clarify intent to avoid confusion for future maintainers.

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
-# split in part from armbian_kernel_config__enable_docker_support.
+# Prefer modules for nearly all iptables/nftables components; existing built‑ins remain =y.
+# Some nf_tables suboptions are bool-only and will necessarily be built‑in, which can promote parents to =y.
+# No particular modules are intentionally excluded; list may evolve. Split out of enable_docker_support.

203-226: Guard symbols that may be absent in some supported kernels/vendors

Several symbols (e.g., IP6_NF_IPTABLES, some legacy iptables targets) are not uniformly present across all Armbian kernel families/versions. A missing symbol makes scripts/config fail on CI/builders. Prefer “try‑set” wrappers that noop if the symbol doesn’t exist.

+## helpers (place near other helpers)
+function kernel_config_try_set_y() { ./scripts/config --state "$1" >/dev/null 2>&1 && kernel_config_set_y "$1"; }
+function kernel_config_try_set_m() { ./scripts/config --state "$1" >/dev/null 2>&1 && kernel_config_set_m "$1"; }

-		kernel_config_set_m IP6_NF_IPTABLES
+		kernel_config_try_set_m IP6_NF_IPTABLES
-		kernel_config_set_m IP_NF_IPTABLES
+		kernel_config_try_set_m IP_NF_IPTABLES
-		kernel_config_set_m IP_NF_TARGET_NETMAP
+		kernel_config_try_set_m IP_NF_TARGET_NETMAP

If you’d rather not add helpers, inline the state check before risky enables.

326-336: Bool nf_tables children will promote NF_TABLES=y — document as intentional

NF_TABLES_{ARP,INET,IPV4,IPV6,NETDEV} are bool in 6.12; setting them =y makes NF_TABLES end up built‑in. If that’s desired, fine — but please acknowledge this explicitly (see header change) so it doesn’t look like drift from the “modules” goal.

247-248: NETFILTER_XTABLES_COMPAT=y may imply 32‑bit compat expectations

On 64‑bit kernels without CONFIG_COMPAT, this is harmless; with COMPAT it increases surface area. Confirm we actually want this globally.

Also applies to: 297-297

351-355: A few nftables extras vary by kernel; consider try‑set for these clusters

Targets like NFT_FIB_NETDEV, NFT_FLOW_OFFLOAD, NFT_TUNNEL, NFT_XFRM, NFT_OSF, NFT_COMPAT{,_ARP} can differ across vendor trees. Using the proposed try‑set wrappers on these groups will reduce build fragility.

Also applies to: 361-366, 366-389

328-334: Minor ordering nit: set parents before children to reduce churn in logs

Enabling NF_TABLES before its children reduces redundant dependency toggles and log noise.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 163454e and f2c0994.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (17)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.
📚 Learning: 2025-09-22T21:59:36.311Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:53:30.629Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
🔇 Additional comments (2)
lib/functions/compilation/armbian-kernel.sh (2)

200-201: Add representative kernel_config_modifying_hashes entries (per hook contract)

The kernel-config hook may run without .config; docs say it must still add representative hashes. Add a minimal, stable subset here.

 function armbian_kernel_config__select_nftables() {
-	if [[ -f .config ]]; then
+	# Representative hashes for config cache invalidation when .config is absent.
+	kernel_config_modifying_hashes+=(
+		"CONFIG_NETFILTER=y"
+		"CONFIG_NETFILTER_XTABLES=m"
+		"CONFIG_NF_TABLES=m"
+		"CONFIG_IP_NF_IPTABLES=m"
+		"CONFIG_IP6_NF_IPTABLES=m"
+	)
+	if [[ -f .config ]]; then

233-233: Good fix on NETFILTER_BPF_LINK comment

Accurate description replaces misleading “BPF_SYSCALL” token extraction. LGTM.

@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 3e3c198 to 2c3171c Compare September 23, 2025 11:03
coderabbitai[bot]
coderabbitai bot reviewed Sep 23, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
lib/functions/compilation/armbian-kernel.sh (1)

194-199: Consider improving the function comment for clarity.

Based on the learnings from past review comments, the function comment could be more precise about the behavior. The current comment mentions "allowing them to be built-in" which could be clarified to reflect that kernel_config_set_m preserves existing built-in settings.

Consider updating the comment to:

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
-# split in part from armbian_kernel_config__enable_docker_support.
+# Prefer modules for almost all IPTABLES/NFTABLES options (booleans remain =y).
+# No particular modules are intentionally excluded, but this author doesn't want 
+# to claim it's 100.00% comprehensive, in case more are added or some oversight 
+# is found. Split in part from armbian_kernel_config__enable_docker_support.
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3e3c198 and 2c3171c.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (19)
📓 Common learnings 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.
📚 Learning: 2025-09-22T21:59:36.311Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:53:30.629Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-17T04:12:33.125Z 
Learnt from: pyavitz
PR: armbian/build#8388
File: config/boards/kickpik2b.conf:1-14
Timestamp: 2025-07-17T04:12:33.125Z
Learning: In the Armbian build system, board configuration files (*.conf) follow a project standard of not including shebang lines, even though they contain bash code and are sourced by the build system. This is an established Armbian convention that individual contributors are expected to follow, and changes to this standard would require broader project maintainer approval.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
🔇 Additional comments (7)
lib/functions/compilation/armbian-kernel.sh (7)

201-202: Good defensive programming practice.

The .config existence check is appropriate and follows the pattern established in other kernel configuration functions.

223-232: LGTM! Essential IPv4 tables are now properly enabled.

The addition of IP_NF_FILTER and IP_NF_MANGLE addresses the missing tables that would have broken common iptables usage. This resolves the issue raised in past review comments.

235-235: Verify accuracy of auto-generated inline comment.

Based on the PR objectives discussion about misleading auto-generated comments, this comment "BPF link support for netfilter hooks" looks correct and properly describes the functionality rather than using a dependency token as a description.

331-337: LGTM! Correct usage of built-in settings for bool options.

The use of kernel_config_set_y for these NF_TABLES_* options is correct since they are bool options in modern kernels and cannot be set as modules. Despite previous misunderstandings about Kconfig dependencies, these settings work properly in practice.

344-346: LGTM! Bool options correctly set as built-in.

The change to use kernel_config_set_y for NF_CONNTRACK_ZONES and NF_CONNTRACK_EVENTS is correct based on past review findings that these are bool options in modern kernels.

390-398: LGTM! Proper IP_SET configuration.

The addition of IP_SET core support and various hash-based backends properly addresses the dependencies for NETFILTER_XT_SET. The corrected symbols with HASH_ prefixes ensure proper functionality.

200-399: Function will be automatically invoked by Armbian's extension system.

Based on the learnings from past discussions, functions with the armbian_kernel_config__* naming pattern are automatically discovered and invoked by Armbian's extension system using metaprogramming (compgen -A function). No explicit registration is required.

coderabbitai[bot]
coderabbitai bot reviewed Sep 23, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
lib/functions/compilation/armbian-kernel.sh (1)

194-199: Clarify intent in the header comment (“prefer modules; booleans =y”).

Tighten the wording to match actual behavior (preserve existing =y; set tristates to =m; leave bools as =y).

Apply:

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
-# split in part from armbian_kernel_config__enable_docker_support.
+# Prefer modules for IPTABLES/NFTABLES; preserve existing built-ins.
+# Tristate options are set to =m when not already =y; boolean options are set to =y.
+# No modules are intentionally excluded, though the list may not be 100% exhaustive.
+# Split from armbian_kernel_config__enable_docker_support.
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 2c3171c and f19c32f.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (19)
📓 Common learnings 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.
📚 Learning: 2025-09-22T21:59:36.311Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.311Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.189Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.189Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:53:30.629Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-17T04:12:33.125Z 
Learnt from: pyavitz
PR: armbian/build#8388
File: config/boards/kickpik2b.conf:1-14
Timestamp: 2025-07-17T04:12:33.125Z
Learning: In the Armbian build system, board configuration files (*.conf) follow a project standard of not including shebang lines, even though they contain bash code and are sourced by the build system. This is an established Armbian convention that individual contributors are expected to follow, and changes to this standard would require broader project maintainer approval.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
🔇 Additional comments (5)
lib/functions/compilation/armbian-kernel.sh (5)

200-201: Consider adding representative hashes for config caching (optional).

The kernel-config hook may run without .config; adding a few representative entries helps hashing/invalidation. You previously noted this isn’t universally required; leaving as optional.

If you choose to add, minimally:

 function armbian_kernel_config__select_nftables() {
+	# Representative hashes for config caching when .config is absent (optional).
+	kernel_config_modifying_hashes+=(
+		"CONFIG_NETFILTER=y"
+		"CONFIG_NF_TABLES=m"
+		"CONFIG_NETFILTER_XTABLES=m"
+		"CONFIG_IP_NF_IPTABLES=m"
+		"CONFIG_IP6_NF_IPTABLES=m"
+	)
 	if [[ -f .config ]]; then

224-232: Good catch: include IPv4 filter/mangle tables.

Adding IP_NF_FILTER and IP_NF_MANGLE fills a common gap and avoids filter/mangle table surprises.

235-235: Accurate inline comment for NETFILTER_BPF_LINK.

“BPF link support for netfilter hooks” is correct and avoids the def_bool token confusion.

328-338: NF_TABLES hierarchy: bool children with NF_TABLES=m is valid.

Using =y for NF_TABLES_{ARP,INET,IPV4,IPV6,NETDEV} while keeping NF_TABLES=m aligns with current Kconfig; no unintended promotion.

390-397: ipset core and backends look correct.

Symbols and naming (HASH_* and BITMAP_*) are correct and cover common use-cases.

@igorpecovnik
Copy link
Member

I think this way is better. I didn't check all options, one by one, but looks ok.

@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from f19c32f to 49c86b6 Compare September 24, 2025 10:09
coderabbitai[bot]
coderabbitai bot reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
lib/functions/compilation/armbian-kernel.sh (2)

194-199: Clarify intent in the header comment (“prefer modules; booleans remain y”).

Tighten wording to reflect actual behavior and avoid the bracketed aside.

Apply:

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
-# split in part from armbian_kernel_config__enable_docker_support.
+# Prefer modules for nearly all IPTABLES/NFTABLES options; booleans are set =y.
+# Not claiming 100% coverage; split out from armbian_kernel_config__enable_docker_support.

200-201: Add representative hashes to honor the hook contract.

Per call_extensions_kernel_config docs, add a few stable “representative” entries to kernel_config_modifying_hashes even when .config is absent. Use only booleans to avoid the =m vs =y ambiguity you noted.

Apply:

 function armbian_kernel_config__select_nftables() {
+	# Representative hashing (booleans only; avoids =m vs =y ambiguity)
+	kernel_config_modifying_hashes+=(
+		"CONFIG_NETFILTER=y"
+		"CONFIG_NETFILTER_ADVANCED=y"
+		"CONFIG_NETFILTER_FAMILY_BRIDGE=y"
+		"CONFIG_NETFILTER_INGRESS=y"
+		"CONFIG_NETFILTER_EGRESS=y"
+	)
 	if [[ -f .config ]]; then
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f19c32f and 49c86b6.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (20)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.
📚 Learning: 2025-09-22T21:59:36.334Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-24T09:54:07.955Z 
Learnt from: amazingfate
PR: armbian/build#8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.955Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:53:30.629Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-17T04:12:33.125Z 
Learnt from: pyavitz
PR: armbian/build#8388
File: config/boards/kickpik2b.conf:1-14
Timestamp: 2025-07-17T04:12:33.125Z
Learning: In the Armbian build system, board configuration files (*.conf) follow a project standard of not including shebang lines, even though they contain bash code and are sourced by the build system. This is an established Armbian convention that individual contributors are expected to follow, and changes to this standard would require broader project maintainer approval.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
🔇 Additional comments (5)
lib/functions/compilation/armbian-kernel.sh (5)

224-233: Good catch adding IPv4 filter/mangle tables.

These were easy to miss; including IP_NF_FILTER and IP_NF_MANGLE restores common iptables use.

235-235: Accurate inline description for NETFILTER_BPF_LINK.

Replacing the misleading “BPF_SYSCALL” token with a human-readable description is correct.

331-337: Correct handling of NF_TABLES bool children vs NF_TABLES=m.

Setting the bool children (=y) while keeping NF_TABLES as a module is valid in modern kernels.

390-397: ipset core/backends are complete and use correct symbol names.

IP_SET core plus HASH_* and BITMAP_* backends look correct and cover xt_set needs.

202-205: BRIDGE is enabled (kernel_config_set_y BRIDGE at lib/functions/compilation/armbian-kernel.sh:420).

[kresolve_review_comment]

@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 49c86b6 to 20b621f Compare September 25, 2025 18:20
coderabbitai[bot]
coderabbitai bot reviewed Sep 25, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 49c86b6 and 20b621f.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (20)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.
📚 Learning: 2025-09-22T21:59:36.334Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-24T10:08:40.313Z 
Learnt from: EvilOlaf
PR: armbian/build#8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-24T09:54:07.968Z 
Learnt from: amazingfate
PR: armbian/build#8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:53:30.629Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:805-825
Timestamp: 2025-07-27T15:53:30.629Z
Learning: In the Armbian build system, kernel configurations prioritize broad hardware compatibility over optimization concerns. Even when including numerous legacy/obsolete drivers causes technical issues like increased initramfs size and slower enumeration, the project philosophy is to "appease the masses" by ensuring maximum device compatibility rather than optimizing for specific use cases.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-17T04:12:33.125Z 
Learnt from: pyavitz
PR: armbian/build#8388
File: config/boards/kickpik2b.conf:1-14
Timestamp: 2025-07-17T04:12:33.125Z
Learning: In the Armbian build system, board configuration files (*.conf) follow a project standard of not including shebang lines, even though they contain bash code and are sourced by the build system. This is an established Armbian convention that individual contributors are expected to follow, and changes to this standard would require broader project maintainer approval.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🔇 Additional comments (4)
lib/functions/compilation/armbian-kernel.sh (4)

200-201: LGTM! Function will be automatically discovered by extension system.

The function follows Armbian's naming convention for kernel config functions and will be automatically invoked via metaprogramming without requiring explicit calls.

Based on learnings about Armbian's extension system.

224-233: Verify IP_NF_FILTER and IP_NF_MANGLE support in all target kernels
Confirm that CONFIG_IP_NF_FILTER and CONFIG_IP_NF_MANGLE are present in the Kconfig tree for every kernel version you intend to build; missing symbols will break the build.

342-346: Verify NF_CONNTRACK_ZONES and NF_CONNTRACK_EVENTS module support
Check in the target Linux kernel Kconfig that both options are tristate (module-buildable), not bool.

390-398: Verify IP_SET symbols in kernel source
No local Kconfig files—cross-check net/netfilter/Kconfig in the Armbian kernel source for the exact CONFIG_IP_SET, CONFIG_IP_SET_HASH_, and CONFIG_IP_SET_BITMAP_ symbols.

@tabrisnet tabrisnet force-pushed the tabrisnet_nftables_modules branch from 20b621f to e531df0 Compare September 25, 2025 18:42
coderabbitai[bot]
coderabbitai bot reviewed Sep 25, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (3)
lib/functions/compilation/armbian-kernel.sh (3)

194-199: Clarify intent: “prefer modules; booleans remain =y.”

Tighten the header to avoid confusion with “allow built‑in”. This function prefers modules while preserving existing =y and setting bools to =y.

Apply:

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
+# Prefer modules for almost all IPTABLES/NFTABLES options (booleans remain =y).
+# No particular modules are intentionally 
 # excluded, but this author doesn't want to claim it's 100.00% 
 # comprehensive, in case more are added or some oversight is found. 
 # split in part from armbian_kernel_config__enable_docker_support.

Based on learnings

319-321: Drop deprecated NOTRACK xt target (optional).

NETFILTER_XT_TARGET_NOTRACK is deprecated; iptables/nftables flows use the raw table for conntrack-bypass. Removing avoids stale modules.

Apply:

-		kernel_config_set_m NETFILTER_XT_TARGET_NOTRACK     # "NOTRACK" target support (DEPRECATED)

313-326: Add xt REJECT target for legacy iptables parity.

Without NETFILTER_XT_TARGET_REJECT, iptables-legacy “-j REJECT” won’t work even though nft reject is present.

Apply:

 		kernel_config_set_m NETFILTER_XT_TARGET_LOG         # LOG target support
 		kernel_config_set_m NETFILTER_XT_TARGET_MARK        # "MARK" target support
+		kernel_config_set_m NETFILTER_XT_TARGET_REJECT      # "REJECT" target support (iptables-legacy)
 		kernel_config_set_m NETFILTER_XT_TARGET_MASQUERADE  # Enables masquerade target for netfilter
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 20b621f and e531df0.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (20)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:59:36.334Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-25T18:37:00.305Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-24T09:54:07.968Z 
Learnt from: amazingfate
PR: armbian/build#8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T22:08:54.273Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-09-22T22:08:54.273Z
Learning: When extracting comments from Linux Kconfig files, def_bool and def_tristate entries use their parameter as a dependency/default condition, not as a feature description. Comments should be generated differently for these entry types to avoid misleading inline documentation.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🔇 Additional comments (2)
lib/functions/compilation/armbian-kernel.sh (2)

233-235: NET_SCHED already enabled NET_SCHED=y is set on line 466 in lib/functions/compilation/armbian-kernel.sh, so no additional gating is required for NET_ACT_IPT/NET_EMATCH_IPT.

202-202: kernel_config_set_m is correct for BRIDGE_NETFILTER
CONFIG_BRIDGE_NETFILTER is a tristate (default m) in Linux 6.6–6.12 (net/Kconfig); no change needed.

Likely an incorrect or invalid review comment.

igorpecovnik
igorpecovnik approved these changes Sep 25, 2025
View reviewed changes
Copy link
Member

@igorpecovnik igorpecovnik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i am ok with this change

@github-actions github-actions bot added the Ready to merge Reviewed, tested and ready for merge label Sep 25, 2025
@github-actions GitHub Actions
Copy link
Contributor

✅ This PR has been reviewed and approved — all set for merge!

@github-actions github-actions bot removed Needs review Seeking for review Work in progress Unfinished / work in progress labels Sep 25, 2025
@EvilOlaf
Copy link
Member

Run the build train on it and then merge?

@igorpecovnik igorpecovnik added the Build Executing build train (permission needed) label Sep 26, 2025
@igorpecovnik igorpecovnik force-pushed the tabrisnet_nftables_modules branch from e531df0 to 9904135 Compare September 26, 2025 08:24
@github-actions github-actions bot added Needs review Seeking for review and removed Ready to merge Reviewed, tested and ready for merge labels Sep 26, 2025
coderabbitai[bot]
coderabbitai bot reviewed Sep 26, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (4)
lib/functions/compilation/armbian-kernel.sh (4)

194-199: Clarify intent in header comment (“prefer modules; preserve built-ins”).

Tighten the wording to match actual behavior and PR intent.

-# Enables almost all IPTABLES/NFTABLES options as modules [whilst 
-# allowing them to be built-in]. no particular modules are intentionally 
-# excluded, but this author doesn't want to claim it's 100.00% 
-# comprehensive, in case more are added or some oversight is found. 
-# split in part from armbian_kernel_config__enable_docker_support.
+# Prefer modules for almost all netfilter/iptables/nftables options (preserve existing built-ins).
+# No particular modules are intentionally excluded; this may not be 100% exhaustive.
+# Split in part from armbian_kernel_config__enable_docker_support.

200-201: Add representative hashes for this hook (for config hashing).

Per the hook contract, add a few stable, representative entries even when .config is absent.

As per kernel-config.sh hook docs (call_extensions_kernel_config), add something like:

 function armbian_kernel_config__select_nftables() {
+	# Representative entries for kernel config hashing (see call_extensions_kernel_config docs).
+	kernel_config_modifying_hashes+=(
+		"CONFIG_NETFILTER=y"
+		"CONFIG_NETFILTER_ADVANCED=y"
+	)
 	if [[ -f .config ]]; then

Please verify kernel-config hashing behaves as expected across rebuilds.

319-321: NOTRACK target is deprecated; consider dropping or gating by version.

This symbol is deprecated/removed in modern kernels; scripts/config may ignore it silently.

-		kernel_config_set_m NETFILTER_XT_TARGET_NOTRACK     # "NOTRACK" target support (DEPRECATED)

390-397: Optional: enable additional common ipset backends.

If desired, add hash:net,iface and hash:ip,mark for broader coverage.

 		kernel_config_set_m IP_SET_HASH_IP
 		kernel_config_set_m IP_SET_HASH_NET
+		kernel_config_set_m IP_SET_HASH_NETIFACE
+		kernel_config_set_m IP_SET_HASH_IPMARK
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e531df0 and 9904135.

📒 Files selected for processing (1)
  • lib/functions/compilation/armbian-kernel.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (20)
📓 Common learnings 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the kernel_config_modifying_hashes array is not universally required for all kernel configuration functions - some functions like armbian_kernel_config__netkit() operate without it, and adding entries with '=m' would be incorrect when the actual result might be '=y' for options already built-in.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:59:36.334Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:200-200
Timestamp: 2025-09-22T21:59:36.334Z
Learning: Functions named with the pattern `armbian_kernel_config__*` in lib/functions/compilation/armbian-kernel.sh are automatically discovered and invoked by Armbian's extension system via metaprogramming using `compgen -A function`, without requiring explicit registration or calls.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T21:52:01.225Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-201
Timestamp: 2025-09-22T21:52:01.225Z
Learning: The kernel_config_set_m function in lib/functions/compilation/armbian-kernel.sh preserves existing 'y' (built-in) settings and only sets options to 'm' (module) when they are not already built-in, achieving "prefer modules but allow built-ins" behavior.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-25T18:37:00.305Z 
Learnt from: tabrisnet
PR: armbian/build#8661
File: lib/functions/compilation/armbian-kernel.sh:194-199
Timestamp: 2025-09-25T18:37:00.305Z
Learning: In PR armbian/build#8661, line 235 of lib/functions/compilation/armbian-kernel.sh already contains the corrected comment "BPF link support for netfilter hooks" for NETFILTER_BPF_LINK, not the misleading "BPF_SYSCALL" comment that was flagged during review.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T04:13:16.457Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T04:13:16.457Z
Learning: Armbian kernel configuration files like linux-filogic-current.config are autogenerated overlays on top of arch defconfig. Comments added manually will be lost during future updates by maintainers, and explicit "CONFIG_OPTION is not set" statements aren't needed for mutually exclusive options since these are overlay configs that only specify changes from the base configuration.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the modern recommended approach for kernel configuration is to use the kernel-config command via "./compile.sh BOARD=boardname BRANCH=branchname kernel-config" instead of the deprecated KERNEL_CONFIGURE=yes flag. This provides a two-step workflow: configure using menuconfig, then build, with better transparency and control over configuration changes.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:48:09.091Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:48:09.091Z
Learning: In lib/functions/compilation/armbian-kernel.sh, the user prefers flexible grep patterns over anchored ones for BTRFS configuration checks, but agrees to use quiet grep (-q) to avoid polluting build logs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-30T06:56:33.372Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-30T06:56:33.372Z
Learning: In Armbian kernel configuration, the BTRFS configuration logic preserves existing settings (whether built-in 'y' or module 'm') and only sets BTRFS_FS to module when it was previously disabled or not set, achieving "allow but not require" flexibility while maintaining backward compatibility.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-02T05:46:10.664Z 
Learnt from: EvilOlaf
PR: armbian/build#0
File: :0-0
Timestamp: 2025-08-02T05:46:10.664Z
Learning: In the Armbian build system, the KERNEL_CONFIGURE=yes switch is deprecated. The recommended approach for kernel configuration is now to use the `kernel-config` build command, which provides a more structured way to configure kernel options.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-06-25T03:40:52.109Z 
Learnt from: EvilOlaf
PR: armbian/build#8330
File: config/sources/families/sun55iw3.conf:32-36
Timestamp: 2025-06-25T03:40:52.109Z
Learning: In Armbian build system configuration files like config/sources/families/*.conf, when KERNELSOURCE is not explicitly declared in a case branch, the system falls back to a default KERNELSOURCE value, so missing KERNELSOURCE declarations are not critical issues.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-24T09:54:07.968Z 
Learnt from: amazingfate
PR: armbian/build#8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-26T10:43:10.130Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:1058-1061
Timestamp: 2025-07-26T10:43:10.130Z
Learning: When reviewing kernel configuration files, it's important to verify the actual Kconfig dependencies in the source code rather than making assumptions about configuration validity, especially for complex subsystems like I2C drivers where the dependency relationships may be more nuanced than initially apparent.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-09-22T22:08:54.273Z 
Learnt from: tabrisnet
PR: armbian/build#0
File: :0-0
Timestamp: 2025-09-22T22:08:54.273Z
Learning: When extracting comments from Linux Kconfig files, def_bool and def_tristate entries use their parameter as a dependency/default condition, not as a feature description. Comments should be generated differently for these entry types to avoid misleading inline documentation.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-25T03:51:50.830Z 
Learnt from: EvilOlaf
PR: armbian/build#8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT was introduced in Linux kernel 4.14.330 (November 2023) and enables BPF-programmable network devices that can operate in Layer 3 or Layer 2 mode. It's a valid configuration option in modern kernels including 6.12.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-19T00:03:42.995Z 
Learnt from: lanefu
PR: armbian/build#8377
File: config/kernel/linux-uefi-arm64-cloud.config:165-170
Timestamp: 2025-07-19T00:03:42.995Z
Learning: CONFIG_NETKIT is a valid kernel configuration option in Linux kernel 6.12 and later versions, despite not being present in earlier versions like 6.9/6.10-rc.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-08-11T22:00:13.411Z 
Learnt from: rafayahmed317
PR: armbian/build#8484
File: config/kernel/linux-rk35xx-vendor.config:904-906
Timestamp: 2025-08-11T22:00:13.411Z
Learning: In the linux-rk35xx-vendor kernel, the LTE driver options (CONFIG_LTE, CONFIG_LTE_RM310, CONFIG_LTE_EM05) are defined as boolean in drivers/net/lte/Kconfig and cannot be built as modules - they must be either built-in (=y) or disabled.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
📚 Learning: 2025-07-27T15:56:34.414Z 
Learnt from: pyavitz
PR: armbian/build#8421
File: config/kernel/linux-sunxi64-edge.config:438-439
Timestamp: 2025-07-27T15:56:34.414Z
Learning: CONFIG_NET_SCH_DEFAULT is a boolean kernel configuration option (=y or =n) that enables/disables the ability to override the default network queueing discipline at runtime. When set to 'y', it allows setting the actual qdisc name via /proc/sys/net/core/default_qdisc at runtime, not in the kernel config file itself.

Applied to files:

  • lib/functions/compilation/armbian-kernel.sh
🧬 Code graph analysis (1)
lib/functions/compilation/armbian-kernel.sh (1)
lib/functions/compilation/kernel-config.sh (1)
  • call_extensions_kernel_config (88-111)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Generate artifacts / JSON matrix: 17/16 :: 17 artifact chunks, 16 image chunks
🔇 Additional comments (1)
lib/functions/compilation/armbian-kernel.sh (1)

224-232: LGTM: IPv4 filter/mangle tables covered.

Adding IP_NF_FILTER and IP_NF_MANGLE fixes common iptables flows.

@igorpecovnik igorpecovnik removed the Build Executing build train (permission needed) label Sep 26, 2025
@github-actions github-actions bot added the Ready to merge Reviewed, tested and ready for merge label Sep 26, 2025
@github-actions GitHub Actions
Copy link
Contributor

✅ This PR has been reviewed and approved — all set for merge!

@github-actions github-actions bot removed the Needs review Seeking for review label Sep 26, 2025
@igorpecovnik igorpecovnik merged commit dd4b5e9 into armbian:main Sep 27, 2025
1606 of 1617 checks passed
@tabrisnet tabrisnet deleted the tabrisnet_nftables_modules branch September 27, 2025 11:44
@tabrisnet tabrisnet mentioned this pull request Sep 27, 2025
Draft
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@igorpecovnik igorpecovnik igorpecovnik approved these changes

@AGM1968 AGM1968 Awaiting requested review from AGM1968

@chraac chraac Awaiting requested review from chraac

@EvilOlaf EvilOlaf Awaiting requested review from EvilOlaf

@rpardini rpardini Awaiting requested review from rpardini

@teknoid teknoid Awaiting requested review from teknoid

@leggewie leggewie Awaiting requested review from leggewie

Assignees
No one assigned
Labels
11 Milestone: Fourth quarter release Framework Framework components Ready to merge Reviewed, tested and ready for merge size/large PR with 250 lines or more
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tabrisnet @igorpecovnik @EvilOlaf