diff options
author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2007-03-23 14:17:07 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:27:44 -0400 |
commit | 5f79e0f916a3bdeccc910fdf466bca582a9b2cca (patch) | |
tree | ef6cb09587609597e611ad38c313df88d8ff2e8b /include | |
parent | e6f689db51a789807edede411b32eb7c9e457948 (diff) |
[NETFILTER]: nf_conntrack: don't use nfct in skb if conntrack is disabled
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter.h | 11 | ||||
-rw-r--r-- | include/linux/skbuff.h | 24 |
2 files changed, 14 insertions, 21 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 70d3b4f1e48d..4777f1b619ce 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -281,9 +281,6 @@ extern void nf_reinject(struct sk_buff *skb, | |||
281 | struct nf_info *info, | 281 | struct nf_info *info, |
282 | unsigned int verdict); | 282 | unsigned int verdict); |
283 | 283 | ||
284 | extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); | ||
285 | extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); | ||
286 | |||
287 | /* FIXME: Before cache is ever used, this must be implemented for real. */ | 284 | /* FIXME: Before cache is ever used, this must be implemented for real. */ |
288 | extern void nf_invalidate_cache(int pf); | 285 | extern void nf_invalidate_cache(int pf); |
289 | 286 | ||
@@ -388,11 +385,17 @@ static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb, | |||
388 | { | 385 | { |
389 | return 1; | 386 | return 1; |
390 | } | 387 | } |
391 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} | ||
392 | struct flowi; | 388 | struct flowi; |
393 | static inline void | 389 | static inline void |
394 | nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {} | 390 | nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {} |
395 | #endif /*CONFIG_NETFILTER*/ | 391 | #endif /*CONFIG_NETFILTER*/ |
396 | 392 | ||
393 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
394 | extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); | ||
395 | extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); | ||
396 | #else | ||
397 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} | ||
398 | #endif | ||
399 | |||
397 | #endif /*__KERNEL__*/ | 400 | #endif /*__KERNEL__*/ |
398 | #endif /*__LINUX_NETFILTER_H*/ | 401 | #endif /*__LINUX_NETFILTER_H*/ |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 81ac934d5964..0bedf5384850 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -87,11 +87,12 @@ | |||
87 | 87 | ||
88 | struct net_device; | 88 | struct net_device; |
89 | 89 | ||
90 | #ifdef CONFIG_NETFILTER | 90 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
91 | struct nf_conntrack { | 91 | struct nf_conntrack { |
92 | atomic_t use; | 92 | atomic_t use; |
93 | void (*destroy)(struct nf_conntrack *); | 93 | void (*destroy)(struct nf_conntrack *); |
94 | }; | 94 | }; |
95 | #endif | ||
95 | 96 | ||
96 | #ifdef CONFIG_BRIDGE_NETFILTER | 97 | #ifdef CONFIG_BRIDGE_NETFILTER |
97 | struct nf_bridge_info { | 98 | struct nf_bridge_info { |
@@ -106,8 +107,6 @@ struct nf_bridge_info { | |||
106 | }; | 107 | }; |
107 | #endif | 108 | #endif |
108 | 109 | ||
109 | #endif | ||
110 | |||
111 | struct sk_buff_head { | 110 | struct sk_buff_head { |
112 | /* These two members must be first. */ | 111 | /* These two members must be first. */ |
113 | struct sk_buff *next; | 112 | struct sk_buff *next; |
@@ -276,15 +275,13 @@ struct sk_buff { | |||
276 | __be16 protocol; | 275 | __be16 protocol; |
277 | 276 | ||
278 | void (*destructor)(struct sk_buff *skb); | 277 | void (*destructor)(struct sk_buff *skb); |
279 | #ifdef CONFIG_NETFILTER | ||
280 | struct nf_conntrack *nfct; | ||
281 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 278 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
279 | struct nf_conntrack *nfct; | ||
282 | struct sk_buff *nfct_reasm; | 280 | struct sk_buff *nfct_reasm; |
283 | #endif | 281 | #endif |
284 | #ifdef CONFIG_BRIDGE_NETFILTER | 282 | #ifdef CONFIG_BRIDGE_NETFILTER |
285 | struct nf_bridge_info *nf_bridge; | 283 | struct nf_bridge_info *nf_bridge; |
286 | #endif | 284 | #endif |
287 | #endif /* CONFIG_NETFILTER */ | ||
288 | #ifdef CONFIG_NET_SCHED | 285 | #ifdef CONFIG_NET_SCHED |
289 | __u16 tc_index; /* traffic control index */ | 286 | __u16 tc_index; /* traffic control index */ |
290 | #ifdef CONFIG_NET_CLS_ACT | 287 | #ifdef CONFIG_NET_CLS_ACT |
@@ -1558,7 +1555,7 @@ static inline unsigned int skb_checksum_complete(struct sk_buff *skb) | |||
1558 | __skb_checksum_complete(skb); | 1555 | __skb_checksum_complete(skb); |
1559 | } | 1556 | } |
1560 | 1557 | ||
1561 | #ifdef CONFIG_NETFILTER | 1558 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
1562 | static inline void nf_conntrack_put(struct nf_conntrack *nfct) | 1559 | static inline void nf_conntrack_put(struct nf_conntrack *nfct) |
1563 | { | 1560 | { |
1564 | if (nfct && atomic_dec_and_test(&nfct->use)) | 1561 | if (nfct && atomic_dec_and_test(&nfct->use)) |
@@ -1569,7 +1566,6 @@ static inline void nf_conntrack_get(struct nf_conntrack *nfct) | |||
1569 | if (nfct) | 1566 | if (nfct) |
1570 | atomic_inc(&nfct->use); | 1567 | atomic_inc(&nfct->use); |
1571 | } | 1568 | } |
1572 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
1573 | static inline void nf_conntrack_get_reasm(struct sk_buff *skb) | 1569 | static inline void nf_conntrack_get_reasm(struct sk_buff *skb) |
1574 | { | 1570 | { |
1575 | if (skb) | 1571 | if (skb) |
@@ -1595,9 +1591,9 @@ static inline void nf_bridge_get(struct nf_bridge_info *nf_bridge) | |||
1595 | #endif /* CONFIG_BRIDGE_NETFILTER */ | 1591 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
1596 | static inline void nf_reset(struct sk_buff *skb) | 1592 | static inline void nf_reset(struct sk_buff *skb) |
1597 | { | 1593 | { |
1594 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
1598 | nf_conntrack_put(skb->nfct); | 1595 | nf_conntrack_put(skb->nfct); |
1599 | skb->nfct = NULL; | 1596 | skb->nfct = NULL; |
1600 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
1601 | nf_conntrack_put_reasm(skb->nfct_reasm); | 1597 | nf_conntrack_put_reasm(skb->nfct_reasm); |
1602 | skb->nfct_reasm = NULL; | 1598 | skb->nfct_reasm = NULL; |
1603 | #endif | 1599 | #endif |
@@ -1610,10 +1606,10 @@ static inline void nf_reset(struct sk_buff *skb) | |||
1610 | /* Note: This doesn't put any conntrack and bridge info in dst. */ | 1606 | /* Note: This doesn't put any conntrack and bridge info in dst. */ |
1611 | static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) | 1607 | static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) |
1612 | { | 1608 | { |
1609 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
1613 | dst->nfct = src->nfct; | 1610 | dst->nfct = src->nfct; |
1614 | nf_conntrack_get(src->nfct); | 1611 | nf_conntrack_get(src->nfct); |
1615 | dst->nfctinfo = src->nfctinfo; | 1612 | dst->nfctinfo = src->nfctinfo; |
1616 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
1617 | dst->nfct_reasm = src->nfct_reasm; | 1613 | dst->nfct_reasm = src->nfct_reasm; |
1618 | nf_conntrack_get_reasm(src->nfct_reasm); | 1614 | nf_conntrack_get_reasm(src->nfct_reasm); |
1619 | #endif | 1615 | #endif |
@@ -1625,8 +1621,8 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) | |||
1625 | 1621 | ||
1626 | static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) | 1622 | static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) |
1627 | { | 1623 | { |
1628 | nf_conntrack_put(dst->nfct); | ||
1629 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 1624 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
1625 | nf_conntrack_put(dst->nfct); | ||
1630 | nf_conntrack_put_reasm(dst->nfct_reasm); | 1626 | nf_conntrack_put_reasm(dst->nfct_reasm); |
1631 | #endif | 1627 | #endif |
1632 | #ifdef CONFIG_BRIDGE_NETFILTER | 1628 | #ifdef CONFIG_BRIDGE_NETFILTER |
@@ -1635,12 +1631,6 @@ static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) | |||
1635 | __nf_copy(dst, src); | 1631 | __nf_copy(dst, src); |
1636 | } | 1632 | } |
1637 | 1633 | ||
1638 | #else /* CONFIG_NETFILTER */ | ||
1639 | static inline void nf_reset(struct sk_buff *skb) {} | ||
1640 | static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) {} | ||
1641 | static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) {} | ||
1642 | #endif /* CONFIG_NETFILTER */ | ||
1643 | |||
1644 | #ifdef CONFIG_NETWORK_SECMARK | 1634 | #ifdef CONFIG_NETWORK_SECMARK |
1645 | static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from) | 1635 | static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from) |
1646 | { | 1636 | { |