lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets

Browse Source 
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Yasuyuki Kozakai
2006-12-12 00:28:40 -08:00
committed by David S. Miller
parent 083e69e99e
commit fe0b9294c9
5 changed files with 16 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
include/net/netfilter/nf_conntrack_compat.h
View File

@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
return (ct != NULL); return (ct != NULL);
} }
static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
{
need_conntrack();
return l3proto == PF_INET ? 0 : -1;
}
static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
{
}
#else /* CONFIG_IP_NF_CONNTRACK */ #else /* CONFIG_IP_NF_CONNTRACK */
#include <net/netfilter/ipv4/nf_conntrack_ipv4.h> #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>

7
net/netfilter/xt_connmark.c
View File

@@ -63,22 +63,18 @@ checkentry(const char *tablename,
printk(KERN_WARNING "connmark: only support 32bit mark\n"); printk(KERN_WARNING "connmark: only support 32bit mark\n");
return 0; return 0;
} }
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) { if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load nf_conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family); "proto=%d\n", match->family);
return 0; return 0;
} }
#endif
return 1; return 1;
} }
static void static void
destroy(const struct xt_match *match, void *matchinfo) destroy(const struct xt_match *match, void *matchinfo)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family); nf_ct_l3proto_module_put(match->family);
#endif
} }
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
static int __init xt_connmark_init(void) static int __init xt_connmark_init(void)
{ {
need_conntrack();
return xt_register_matches(xt_connmark_match, return xt_register_matches(xt_connmark_match,
ARRAY_SIZE(xt_connmark_match)); ARRAY_SIZE(xt_connmark_match));
} }

8
net/netfilter/xt_conntrack.c
View File

@@ -20,6 +20,7 @@
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_conntrack.h> #include <linux/netfilter/xt_conntrack.h>
#include <net/netfilter/nf_conntrack_compat.h>
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
void *matchinfo, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) { if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load nf_conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family); "proto=%d\n", match->family);
return 0; return 0;
} }
#endif
return 1; return 1;
} }
static void destroy(const struct xt_match *match, void *matchinfo) static void destroy(const struct xt_match *match, void *matchinfo)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family); nf_ct_l3proto_module_put(match->family);
#endif
} }
static struct xt_match conntrack_match = { static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
static int __init xt_conntrack_init(void) static int __init xt_conntrack_init(void)
{ {
need_conntrack();
return xt_register_match(&conntrack_match); return xt_register_match(&conntrack_match);
} }

8
net/netfilter/xt_helper.c
View File

@@ -24,6 +24,7 @@
#endif #endif
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_helper.h> #include <linux/netfilter/xt_helper.h>
#include <net/netfilter/nf_conntrack_compat.h>
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>"); MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
{ {
struct xt_helper_info *info = matchinfo; struct xt_helper_info *info = matchinfo;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) { if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load nf_conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family); "proto=%d\n", match->family);
return 0; return 0;
} }
#endif
info->name[29] = '\0'; info->name[29] = '\0';
return 1; return 1;
} }
@@ -157,9 +156,7 @@ static int check(const char *tablename,
static void static void
destroy(const struct xt_match *match, void *matchinfo) destroy(const struct xt_match *match, void *matchinfo)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family); nf_ct_l3proto_module_put(match->family);
#endif
} }
static struct xt_match xt_helper_match[] = { static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
static int __init xt_helper_init(void) static int __init xt_helper_init(void)
{ {
need_conntrack();
return xt_register_matches(xt_helper_match, return xt_register_matches(xt_helper_match,
ARRAY_SIZE(xt_helper_match)); ARRAY_SIZE(xt_helper_match));
} }

7
net/netfilter/xt_state.c
View File

@@ -50,22 +50,18 @@ static int check(const char *tablename,
void *matchinfo, void *matchinfo,
unsigned int hook_mask) unsigned int hook_mask)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (nf_ct_l3proto_try_module_get(match->family) < 0) { if (nf_ct_l3proto_try_module_get(match->family) < 0) {
printk(KERN_WARNING "can't load nf_conntrack support for " printk(KERN_WARNING "can't load conntrack support for "
"proto=%d\n", match->family); "proto=%d\n", match->family);
return 0; return 0;
} }
#endif
return 1; return 1;
} }
static void static void
destroy(const struct xt_match *match, void *matchinfo) destroy(const struct xt_match *match, void *matchinfo)
{ {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family); nf_ct_l3proto_module_put(match->family);
#endif
} }
static struct xt_match xt_state_match[] = { static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
static int __init xt_state_init(void) static int __init xt_state_init(void)
{ {
need_conntrack();
return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match)); return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
} }