| author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-12-12 03:28:40 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-13 19:48:20 -0500 |
| commit | fe0b9294c9f951a64c768f8a5879154235efe63f (patch) | |
| tree | cf8c5ad0a4fd2d8b8c799ba3feda347ade47e2b8 | |
| parent | 083e69e99e1c728d360c6346456daa4d4c19e25c (diff) | |
[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
To do that, this adds compat versions of the nf_ct_l3proto_try_module_{get,put}
functions. As a result, we can remove the surrounding '#ifdef's and the direct
calls to need_conntrack().
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/netfilter/nf_conntrack_compat.h | 10 | ||||
| -rw-r--r-- | net/netfilter/xt_connmark.c | 7 | ||||
| -rw-r--r-- | net/netfilter/xt_conntrack.c | 8 | ||||
| -rw-r--r-- | net/netfilter/xt_helper.c | 8 | ||||
| -rw-r--r-- | net/netfilter/xt_state.c | 7 |
5 files changed, 16 insertions, 24 deletions
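--- a/include/net/netfilter/nf_conntrack_compat.h
+++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
 return (ct != NULL);
 }
 
+static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
+{
+need_conntrack();
+return l3proto == PF_INET ? 0 : -1;
+}
+
+static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
+{
+}
+
 #else /* CONFIG_IP_NF_CONNTRACK */
 
 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>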
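Review bot: The new compat `nf_ct_l3proto_try_module_get()` has no comment explaining why every family except PF_INET is refused, although that refusal is the whole point of the commit. A line such as `/* ip_conntrack tracks IPv4 only: fail for any other family so checkentry rejects the rule */` above it would stop a later cleanup from "simplifying" the test away, which would presumably let rules for an untracked family be accepted again. It also returns a bare `-1` where a negative errno value would be more conventional; the callers visible in this commit only test `< 0`, so that is a style point. Note that `need_conntrack()` is called before the family test, so it runs even on the rejecting path.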
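--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -63,22 +63,18 @@ checkentry(const char *tablename,
 printk(KERN_WARNING "connmark: only support 32bit mark\n");
 return 0;
 }
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 #ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
 
 static int __init xt_connmark_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_connmark_match,
 ARRAY_SIZE(xt_connmark_match));
 }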
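Review bot: The reworded warning in checkentry() has no module prefix, unlike the `connmark: only support 32bit mark` message a few lines above it. The identical string is also printed by xt_conntrack.c, xt_helper.c and xt_state.c in this commit, so a rejected rule cannot be attributed to a particular match from the kernel log alone. Suggest `printk(KERN_WARNING "connmark: can't load conntrack support for "` here, with the corresponding prefix in the other three files. checkentry() begins outside the hunk.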
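--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -20,6 +20,7 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_conntrack.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
 void *matchinfo,
 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
 
 static int __init xt_conntrack_init(void)
 {
-need_conntrack();
 return xt_register_match(&conntrack_match);
 }
 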
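--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -24,6 +24,7 @@
 #endif
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_helper.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
 {
 struct xt_helper_info *info = matchinfo;
 
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 info->name[29] = '\0';
 return 1;
 }
@@ -157,9 +156,7 @@ static int check(const char *tablename,
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
 
 static int __init xt_helper_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_helper_match,
 ARRAY_SIZE(xt_helper_match));
 }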
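Review bot: In check(), the context line `info->name[29] = '\0';` hard-codes the terminator index for a rule-supplied helper name. The size of `name` is declared outside this diff, so the 29 cannot be verified from here. If the field is ever resized, the write would either land out of bounds or leave the string unterminated. `info->name[sizeof(info->name) - 1] = '\0';` would tie the index to the declaration. The commit does not change this line, and check() begins outside the hunk.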
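--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -50,22 +50,18 @@ static int check(const char *tablename,
 void *matchinfo,
 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
 
 static int __init xt_state_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
 }
 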
