diff options
| author | KOVACS Krisztian <hidden@balabit.hu> | 2010-12-15 17:53:41 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-12-15 17:53:41 -0500 |
| commit | ae90bdeaeac6b964b7a1e853a90a19f358a9ac20 (patch) | |
| tree | 9607a9fd194d3745a184d37d1b1bf1b9a703dd68 /include | |
| parent | f1c722295e029eace7960fc687efd5afd67dc555 (diff) | |
netfilter: fix compilation when conntrack is disabled but tproxy is enabled
The IPv6 tproxy patches split IPv6 defragmentation off of conntrack, but
failed to update the #ifdef stanzas guarding the defragmentation related
fields and code in skbuff and conntrack related code in nf_defrag_ipv6.c.
This patch adds the required #ifdefs so that IPv6 tproxy can truly be used
without connection tracking.
Original report:
http://marc.info/?l=linux-netdev&m=129010118516341&w=2
Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
Acked-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/skbuff.h | 15 | ||||
| -rw-r--r-- | include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 10 | ||||
| -rw-r--r-- | include/net/netfilter/ipv6/nf_defrag_ipv6.h | 10 |
3 files changed, 25 insertions, 10 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index e6ba898de61c..4f2db79a2abb 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
| @@ -255,6 +255,11 @@ typedef unsigned int sk_buff_data_t; | |||
| 255 | typedef unsigned char *sk_buff_data_t; | 255 | typedef unsigned char *sk_buff_data_t; |
| 256 | #endif | 256 | #endif |
| 257 | 257 | ||
| 258 | #if defined(CONFIG_NF_DEFRAG_IPV4) || defined(CONFIG_NF_DEFRAG_IPV4_MODULE) || \ | ||
| 259 | defined(CONFIG_NF_DEFRAG_IPV6) || defined(CONFIG_NF_DEFRAG_IPV6_MODULE) | ||
| 260 | #define NET_SKBUFF_NF_DEFRAG_NEEDED 1 | ||
| 261 | #endif | ||
| 262 | |||
| 258 | /** | 263 | /** |
| 259 | * struct sk_buff - socket buffer | 264 | * struct sk_buff - socket buffer |
| 260 | * @next: Next buffer in list | 265 | * @next: Next buffer in list |
| @@ -362,6 +367,8 @@ struct sk_buff { | |||
| 362 | void (*destructor)(struct sk_buff *skb); | 367 | void (*destructor)(struct sk_buff *skb); |
| 363 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 368 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
| 364 | struct nf_conntrack *nfct; | 369 | struct nf_conntrack *nfct; |
| 370 | #endif | ||
| 371 | #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED | ||
| 365 | struct sk_buff *nfct_reasm; | 372 | struct sk_buff *nfct_reasm; |
| 366 | #endif | 373 | #endif |
| 367 | #ifdef CONFIG_BRIDGE_NETFILTER | 374 | #ifdef CONFIG_BRIDGE_NETFILTER |
| @@ -2051,6 +2058,8 @@ static inline void nf_conntrack_get(struct nf_conntrack *nfct) | |||
| 2051 | if (nfct) | 2058 | if (nfct) |
| 2052 | atomic_inc(&nfct->use); | 2059 | atomic_inc(&nfct->use); |
| 2053 | } | 2060 | } |
| 2061 | #endif | ||
| 2062 | #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED | ||
| 2054 | static inline void nf_conntrack_get_reasm(struct sk_buff *skb) | 2063 | static inline void nf_conntrack_get_reasm(struct sk_buff *skb) |
| 2055 | { | 2064 | { |
| 2056 | if (skb) | 2065 | if (skb) |
| @@ -2079,6 +2088,8 @@ static inline void nf_reset(struct sk_buff *skb) | |||
| 2079 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 2088 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
| 2080 | nf_conntrack_put(skb->nfct); | 2089 | nf_conntrack_put(skb->nfct); |
| 2081 | skb->nfct = NULL; | 2090 | skb->nfct = NULL; |
| 2091 | #endif | ||
| 2092 | #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED | ||
| 2082 | nf_conntrack_put_reasm(skb->nfct_reasm); | 2093 | nf_conntrack_put_reasm(skb->nfct_reasm); |
| 2083 | skb->nfct_reasm = NULL; | 2094 | skb->nfct_reasm = NULL; |
| 2084 | #endif | 2095 | #endif |
| @@ -2095,6 +2106,8 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) | |||
| 2095 | dst->nfct = src->nfct; | 2106 | dst->nfct = src->nfct; |
| 2096 | nf_conntrack_get(src->nfct); | 2107 | nf_conntrack_get(src->nfct); |
| 2097 | dst->nfctinfo = src->nfctinfo; | 2108 | dst->nfctinfo = src->nfctinfo; |
| 2109 | #endif | ||
| 2110 | #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED | ||
| 2098 | dst->nfct_reasm = src->nfct_reasm; | 2111 | dst->nfct_reasm = src->nfct_reasm; |
| 2099 | nf_conntrack_get_reasm(src->nfct_reasm); | 2112 | nf_conntrack_get_reasm(src->nfct_reasm); |
| 2100 | #endif | 2113 | #endif |
| @@ -2108,6 +2121,8 @@ static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) | |||
| 2108 | { | 2121 | { |
| 2109 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 2122 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
| 2110 | nf_conntrack_put(dst->nfct); | 2123 | nf_conntrack_put(dst->nfct); |
| 2124 | #endif | ||
| 2125 | #ifdef NET_SKBUFF_NF_DEFRAG_NEEDED | ||
| 2111 | nf_conntrack_put_reasm(dst->nfct_reasm); | 2126 | nf_conntrack_put_reasm(dst->nfct_reasm); |
| 2112 | #endif | 2127 | #endif |
| 2113 | #ifdef CONFIG_BRIDGE_NETFILTER | 2128 | #ifdef CONFIG_BRIDGE_NETFILTER |
diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h index 1ee717eb5b09..a4c993685795 100644 --- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h +++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h | |||
| @@ -7,16 +7,6 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6; | |||
| 7 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6; | 7 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6; |
| 8 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6; | 8 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6; |
| 9 | 9 | ||
| 10 | extern int nf_ct_frag6_init(void); | ||
| 11 | extern void nf_ct_frag6_cleanup(void); | ||
| 12 | extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user); | ||
| 13 | extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, | ||
| 14 | struct net_device *in, | ||
| 15 | struct net_device *out, | ||
| 16 | int (*okfn)(struct sk_buff *)); | ||
| 17 | |||
| 18 | struct inet_frags_ctl; | ||
| 19 | |||
| 20 | #include <linux/sysctl.h> | 10 | #include <linux/sysctl.h> |
| 21 | extern struct ctl_table nf_ct_ipv6_sysctl_table[]; | 11 | extern struct ctl_table nf_ct_ipv6_sysctl_table[]; |
| 22 | 12 | ||
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h index 94dd54d76b48..fd79c9a1779d 100644 --- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h +++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h | |||
| @@ -3,4 +3,14 @@ | |||
| 3 | 3 | ||
| 4 | extern void nf_defrag_ipv6_enable(void); | 4 | extern void nf_defrag_ipv6_enable(void); |
| 5 | 5 | ||
| 6 | extern int nf_ct_frag6_init(void); | ||
| 7 | extern void nf_ct_frag6_cleanup(void); | ||
| 8 | extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb, u32 user); | ||
| 9 | extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, | ||
| 10 | struct net_device *in, | ||
| 11 | struct net_device *out, | ||
| 12 | int (*okfn)(struct sk_buff *)); | ||
| 13 | |||
| 14 | struct inet_frags_ctl; | ||
| 15 | |||
| 6 | #endif /* _NF_DEFRAG_IPV6_H */ | 16 | #endif /* _NF_DEFRAG_IPV6_H */ |