aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2006-12-12 03:28:40 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-13 19:48:20 -0500
commitfe0b9294c9f951a64c768f8a5879154235efe63f (patch)
treecf8c5ad0a4fd2d8b8c799ba3feda347ade47e2b8
parent083e69e99e1c728d360c6346456daa4d4c19e25c (diff)
[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible functions. As a result we can remove '#ifdef' surrounds and direct call of need_conntrack(). Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/netfilter/nf_conntrack_compat.h10
-rw-r--r--net/netfilter/xt_connmark.c7
-rw-r--r--net/netfilter/xt_conntrack.c8
-rw-r--r--net/netfilter/xt_helper.c8
-rw-r--r--net/netfilter/xt_state.c7
5 files changed, 16 insertions, 24 deletions
diff --git a/include/net/netfilter/nf_conntrack_compat.h b/include/net/netfilter/nf_conntrack_compat.h
index f1b1482d7200..b9ce5c80d9d5 100644
--- a/include/net/netfilter/nf_conntrack_compat.h
+++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
64 return (ct != NULL); 64 return (ct != NULL);
65} 65}
66 66
67static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
68{
69 need_conntrack();
70 return l3proto == PF_INET ? 0 : -1;
71}
72
73static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
74{
75}
76
67#else /* CONFIG_IP_NF_CONNTRACK */ 77#else /* CONFIG_IP_NF_CONNTRACK */
68 78
69#include <net/netfilter/ipv4/nf_conntrack_ipv4.h> 79#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index a8f03057dbde..36c2defff238 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -63,22 +63,18 @@ checkentry(const char *tablename,
63 printk(KERN_WARNING "connmark: only support 32bit mark\n"); 63 printk(KERN_WARNING "connmark: only support 32bit mark\n");
64 return 0; 64 return 0;
65 } 65 }
66#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
67 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 66 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
68 printk(KERN_WARNING "can't load nf_conntrack support for " 67 printk(KERN_WARNING "can't load conntrack support for "
69 "proto=%d\n", match->family); 68 "proto=%d\n", match->family);
70 return 0; 69 return 0;
71 } 70 }
72#endif
73 return 1; 71 return 1;
74} 72}
75 73
76static void 74static void
77destroy(const struct xt_match *match, void *matchinfo) 75destroy(const struct xt_match *match, void *matchinfo)
78{ 76{
79#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
80 nf_ct_l3proto_module_put(match->family); 77 nf_ct_l3proto_module_put(match->family);
81#endif
82} 78}
83 79
84#ifdef CONFIG_COMPAT 80#ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
140 136
141static int __init xt_connmark_init(void) 137static int __init xt_connmark_init(void)
142{ 138{
143 need_conntrack();
144 return xt_register_matches(xt_connmark_match, 139 return xt_register_matches(xt_connmark_match,
145 ARRAY_SIZE(xt_connmark_match)); 140 ARRAY_SIZE(xt_connmark_match));
146} 141}
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0ea501a2fda5..3dc2357b8de8 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -20,6 +20,7 @@
20 20
21#include <linux/netfilter/x_tables.h> 21#include <linux/netfilter/x_tables.h>
22#include <linux/netfilter/xt_conntrack.h> 22#include <linux/netfilter/xt_conntrack.h>
23#include <net/netfilter/nf_conntrack_compat.h>
23 24
24MODULE_LICENSE("GPL"); 25MODULE_LICENSE("GPL");
25MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); 26MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
228 void *matchinfo, 229 void *matchinfo,
229 unsigned int hook_mask) 230 unsigned int hook_mask)
230{ 231{
231#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
232 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 232 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
233 printk(KERN_WARNING "can't load nf_conntrack support for " 233 printk(KERN_WARNING "can't load conntrack support for "
234 "proto=%d\n", match->family); 234 "proto=%d\n", match->family);
235 return 0; 235 return 0;
236 } 236 }
237#endif
238 return 1; 237 return 1;
239} 238}
240 239
241static void destroy(const struct xt_match *match, void *matchinfo) 240static void destroy(const struct xt_match *match, void *matchinfo)
242{ 241{
243#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
244 nf_ct_l3proto_module_put(match->family); 242 nf_ct_l3proto_module_put(match->family);
245#endif
246} 243}
247 244
248static struct xt_match conntrack_match = { 245static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
257 254
258static int __init xt_conntrack_init(void) 255static int __init xt_conntrack_init(void)
259{ 256{
260 need_conntrack();
261 return xt_register_match(&conntrack_match); 257 return xt_register_match(&conntrack_match);
262} 258}
263 259
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index 5d7818b73e3a..04bc32ba7195 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -24,6 +24,7 @@
24#endif 24#endif
25#include <linux/netfilter/x_tables.h> 25#include <linux/netfilter/x_tables.h>
26#include <linux/netfilter/xt_helper.h> 26#include <linux/netfilter/xt_helper.h>
27#include <net/netfilter/nf_conntrack_compat.h>
27 28
28MODULE_LICENSE("GPL"); 29MODULE_LICENSE("GPL");
29MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>"); 30MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
143{ 144{
144 struct xt_helper_info *info = matchinfo; 145 struct xt_helper_info *info = matchinfo;
145 146
146#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
147 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 147 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
148 printk(KERN_WARNING "can't load nf_conntrack support for " 148 printk(KERN_WARNING "can't load conntrack support for "
149 "proto=%d\n", match->family); 149 "proto=%d\n", match->family);
150 return 0; 150 return 0;
151 } 151 }
152#endif
153 info->name[29] = '\0'; 152 info->name[29] = '\0';
154 return 1; 153 return 1;
155} 154}
@@ -157,9 +156,7 @@ static int check(const char *tablename,
157static void 156static void
158destroy(const struct xt_match *match, void *matchinfo) 157destroy(const struct xt_match *match, void *matchinfo)
159{ 158{
160#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
161 nf_ct_l3proto_module_put(match->family); 159 nf_ct_l3proto_module_put(match->family);
162#endif
163} 160}
164 161
165static struct xt_match xt_helper_match[] = { 162static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
185 182
186static int __init xt_helper_init(void) 183static int __init xt_helper_init(void)
187{ 184{
188 need_conntrack();
189 return xt_register_matches(xt_helper_match, 185 return xt_register_matches(xt_helper_match,
190 ARRAY_SIZE(xt_helper_match)); 186 ARRAY_SIZE(xt_helper_match));
191} 187}
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index d9010b16a1f9..df37b912163a 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -50,22 +50,18 @@ static int check(const char *tablename,
50 void *matchinfo, 50 void *matchinfo,
51 unsigned int hook_mask) 51 unsigned int hook_mask)
52{ 52{
53#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
54 if (nf_ct_l3proto_try_module_get(match->family) < 0) { 53 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
55 printk(KERN_WARNING "can't load nf_conntrack support for " 54 printk(KERN_WARNING "can't load conntrack support for "
56 "proto=%d\n", match->family); 55 "proto=%d\n", match->family);
57 return 0; 56 return 0;
58 } 57 }
59#endif
60 return 1; 58 return 1;
61} 59}
62 60
63static void 61static void
64destroy(const struct xt_match *match, void *matchinfo) 62destroy(const struct xt_match *match, void *matchinfo)
65{ 63{
66#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
67 nf_ct_l3proto_module_put(match->family); 64 nf_ct_l3proto_module_put(match->family);
68#endif
69} 65}
70 66
71static struct xt_match xt_state_match[] = { 67static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
91 87
92static int __init xt_state_init(void) 88static int __init xt_state_init(void)
93{ 89{
94 need_conntrack();
95 return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match)); 90 return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
96} 91}
97 92