tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets

To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Yasuyuki Kozakai and committed by David S. Miller fe0b9294 083e69e9

+16 -24
unified split
+10
include/net/netfilter/nf_conntrack_compat.h
··· 64 64 return (ct != NULL); 65 65 } 66 66 67 + static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto) 68 + { 69 + need_conntrack(); 70 + return l3proto == PF_INET ? 0 : -1; 71 + } 72 + 73 + static inline void nf_ct_l3proto_module_put(unsigned short l3proto) 74 + { 75 + } 76 + 67 77 #else /* CONFIG_IP_NF_CONNTRACK */ 68 78 69 79 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
+1 -6
net/netfilter/xt_connmark.c
··· 63 63 printk(KERN_WARNING "connmark: only support 32bit mark\n"); 64 64 return 0; 65 65 } 66 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 67 66 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 68 - printk(KERN_WARNING "can't load nf_conntrack support for " 67 + printk(KERN_WARNING "can't load conntrack support for " 69 68 "proto=%d\n", match->family); 70 69 return 0; 71 70 } 72 - #endif 73 71 return 1; 74 72 } 75 73 76 74 static void 77 75 destroy(const struct xt_match *match, void *matchinfo) 78 76 { 79 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 80 77 nf_ct_l3proto_module_put(match->family); 81 - #endif 82 78 } 83 79 84 80 #ifdef CONFIG_COMPAT ··· 136 140 137 141 static int __init xt_connmark_init(void) 138 142 { 139 - need_conntrack(); 140 143 return xt_register_matches(xt_connmark_match, 141 144 ARRAY_SIZE(xt_connmark_match)); 142 145 }
+2 -6
net/netfilter/xt_conntrack.c
··· 20 20 21 21 #include <linux/netfilter/x_tables.h> 22 22 #include <linux/netfilter/xt_conntrack.h> 23 + #include <net/netfilter/nf_conntrack_compat.h> 23 24 24 25 MODULE_LICENSE("GPL"); 25 26 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); ··· 229 228 void *matchinfo, 230 229 unsigned int hook_mask) 231 230 { 232 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 233 231 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 234 - printk(KERN_WARNING "can't load nf_conntrack support for " 232 + printk(KERN_WARNING "can't load conntrack support for " 235 233 "proto=%d\n", match->family); 236 234 return 0; 237 235 } 238 - #endif 239 236 return 1; 240 237 } 241 238 242 239 static void destroy(const struct xt_match *match, void *matchinfo) 243 240 { 244 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 245 241 nf_ct_l3proto_module_put(match->family); 246 - #endif 247 242 } 248 243 249 244 static struct xt_match conntrack_match = { ··· 254 257 255 258 static int __init xt_conntrack_init(void) 256 259 { 257 - need_conntrack(); 258 260 return xt_register_match(&conntrack_match); 259 261 } 260 262
+2 -6
net/netfilter/xt_helper.c
··· 24 24 #endif 25 25 #include <linux/netfilter/x_tables.h> 26 26 #include <linux/netfilter/xt_helper.h> 27 + #include <net/netfilter/nf_conntrack_compat.h> 27 28 28 29 MODULE_LICENSE("GPL"); 29 30 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>"); ··· 144 143 { 145 144 struct xt_helper_info *info = matchinfo; 146 145 147 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 148 146 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 149 - printk(KERN_WARNING "can't load nf_conntrack support for " 147 + printk(KERN_WARNING "can't load conntrack support for " 150 148 "proto=%d\n", match->family); 151 149 return 0; 152 150 } 153 - #endif 154 151 info->name[29] = '\0'; 155 152 return 1; 156 153 } ··· 156 157 static void 157 158 destroy(const struct xt_match *match, void *matchinfo) 158 159 { 159 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 160 160 nf_ct_l3proto_module_put(match->family); 161 - #endif 162 161 } 163 162 164 163 static struct xt_match xt_helper_match[] = { ··· 182 185 183 186 static int __init xt_helper_init(void) 184 187 { 185 - need_conntrack(); 186 188 return xt_register_matches(xt_helper_match, 187 189 ARRAY_SIZE(xt_helper_match)); 188 190 }
+1 -6
net/netfilter/xt_state.c
··· 50 50 void *matchinfo, 51 51 unsigned int hook_mask) 52 52 { 53 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 54 53 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 55 - printk(KERN_WARNING "can't load nf_conntrack support for " 54 + printk(KERN_WARNING "can't load conntrack support for " 56 55 "proto=%d\n", match->family); 57 56 return 0; 58 57 } 59 - #endif 60 58 return 1; 61 59 } 62 60 63 61 static void 64 62 destroy(const struct xt_match *match, void *matchinfo) 65 63 { 66 - #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 67 64 nf_ct_l3proto_module_put(match->family); 68 - #endif 69 65 } 70 66 71 67 static struct xt_match xt_state_match[] = { ··· 87 91 88 92 static int __init xt_state_init(void) 89 93 { 90 - need_conntrack(); 91 94 return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match)); 92 95 } 93 96