author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-12-12 03:28:40 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-13 19:48:20 -0500 |
commit | fe0b9294c9f951a64c768f8a5879154235efe63f (patch) | |
tree | cf8c5ad0a4fd2d8b8c799ba3feda347ade47e2b8 | |
parent | 083e69e99e1c728d360c6346456daa4d4c19e25c (diff) |
[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/netfilter/nf_conntrack_compat.h | 10 | ||||
-rw-r--r-- | net/netfilter/xt_connmark.c | 7 | ||||
-rw-r--r-- | net/netfilter/xt_conntrack.c | 8 | ||||
-rw-r--r-- | net/netfilter/xt_helper.c | 8 | ||||
-rw-r--r-- | net/netfilter/xt_state.c | 7 |
5 files changed, 16 insertions, 24 deletions
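--- a/include/net/netfilter/nf_conntrack_compat.h
+++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
 return (ct != NULL);
 }
 
+static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
+{
+need_conntrack();
+return l3proto == PF_INET ? 0 : -1;
+}
+
+static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
+{
+}
+
 #else /* CONFIG_IP_NF_CONNTRACK */
 
 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>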
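Review bot: The compat `nf_ct_l3proto_try_module_get()` added here signals an unsupported family with a bare `-1`, which is numerically -EPERM if a caller ever propagates the value instead of testing `< 0` as the four matches in this commit do. A named errno would be safer, e.g. `return l3proto == PF_INET ? 0 : -EPROTOTYPE;` (I believe -EPROTOTYPE is what the nf_conntrack implementation returns; please confirm that, and that the errno definitions are reachable from this header). The pair also needs a comment, because the empty `nf_ct_l3proto_module_put()` reads like a dropped reference unless the reader knows none was taken: `/* ip_conntrack is IPv4-only; need_conntrack() only creates the module dependency, so there is nothing to put. */` (my reading of need_conntrack(), which is defined outside this hunk).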
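--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -63,22 +63,18 @@ checkentry(const char *tablename,
 printk(KERN_WARNING "connmark: only support 32bit mark\n");
 return 0;
 }
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 #ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
 
 static int __init xt_connmark_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_connmark_match,
 ARRAY_SIZE(xt_connmark_match));
 }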
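Review bot: The reworded warning in `checkentry()` has no module prefix, and the identical string is emitted by the check functions in xt_conntrack.c, xt_helper.c and xt_state.c, so a rejected rule cannot be attributed to a particular match from the kernel log alone. I would follow the `connmark: only support 32bit mark` message just above it and write `printk(KERN_WARNING "connmark: can't load conntrack support for "`, with the corresponding prefix in the other three files. In the ip_conntrack build the compat helper loads nothing and simply rejects non-IPv4 families, so "can't load" is also slightly misleading there; wording that covers "not supported" would fit both builds. `checkentry()` starts above this hunk, so the prefix convention is judged from the one message that is visible.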
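--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -20,6 +20,7 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_conntrack.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
 void *matchinfo,
 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
 
 static int __init xt_conntrack_init(void)
 {
-need_conntrack();
 return xt_register_match(&conntrack_match);
 }
 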
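--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -24,6 +24,7 @@
 #endif
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_helper.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
 {
 struct xt_helper_info *info = matchinfo;
 
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 info->name[29] = '\0';
 return 1;
 }
@@ -157,9 +156,7 @@ static int check(const char *tablename,
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
 
 static int __init xt_helper_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_helper_match,
 ARRAY_SIZE(xt_helper_match));
 }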
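--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -50,22 +50,18 @@ static int check(const char *tablename,
 void *matchinfo,
 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-printk(KERN_WARNING "can't load nf_conntrack support for "
+printk(KERN_WARNING "can't load conntrack support for "
 "proto=%d\n", match->family);
 return 0;
 }
-#endif
 return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
 
 static int __init xt_state_init(void)
 {
-need_conntrack();
 return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
 }
 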