From patchwork Fri Jan 19 19:10:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 125211 Delivered-To: patch@linaro.org Received: by 10.46.66.141 with SMTP id h13csp432165ljf; Fri, 19 Jan 2018 11:12:09 -0800 (PST) X-Google-Smtp-Source: ACJfBotE1pGBBGQ3xweuFHzOCwVFy3YDGbNeq89jg+JIPYwpRJd0ihrltcRGPvOYet0uVpU3gY1H X-Received: by 10.99.96.23 with SMTP id u23mr41333831pgb.355.1516389129448; Fri, 19 Jan 2018 11:12:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516389129; cv=none; d=google.com; s=arc-20160816; b=NwiqWnqHqGvTa2AIu9vD0PMVlN31T7Mb+2gwhNBDR/OUcemkwtL0mlMXKdsQ422st/ mNQwzyrxJPwFGo1DtVgUKq6/6fJBjQJMHhC4lzLLJeGz5TrdGIpP4LVPm1gTquLxGo63 9BpIXw4nncwHTbQ3ky4Q2kkout613TkhS4YvWKYFOdzoxSmAFBIkaTrnHNSt5oM/lK8G 0cOTVo60/J++lgyqCSQ1VrCDKowHmsnFs1eo2T+HwUSZOHlpE9DGfASvDs+rhcGLL4k2 9FkqPxEGHSe36SaADv3XI9VzIZ27j2/nl/4hVyox9EVTfU2mndwGvTZ+8Og1f5z2N5dI AYcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=kukqr+FDkaQTVOHF8oDWv3nZqUZlMTBCJnz9BHoU4ug=; b=GqNO50LbJR3Rj8rDUP4puNcMDwJsJuIgLoehQG3NRIMRjp1xuRiA1rnwKWdaYz39YM KlXFBb8mKTDmfFPitFmODQW3rqrN7PVhpQ96oevlsbsUrFSQFoV/ow1mCIa/2zptLwNh QLMUrqcJEE/MiGKckDXV8nJVCky5OzIBWBIAnom6CjjptAR53PSsOa3eG7jrT32doUFR KaPWAnb7Ios7Q8yD55ObHIb2byZT7ld6mjCveGPpc/VJydckOlUlBVBZ5WFeTGFS03xM WGcX0GW80RGvPiEAg0tQNepYa6+AsUFE9ph98TPQ08QDu3cPf7BJHqTCXbfICVCOANF3 suWw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e8-v6si1033185plt.399.2018.01.19.11.12.09; Fri, 19 Jan 2018 11:12:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932440AbeASTMH (ORCPT + 7 others); Fri, 19 Jan 2018 14:12:07 -0500 Received: from mail.us.es ([193.147.175.20]:45188 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932488AbeASTLM (ORCPT ); Fri, 19 Jan 2018 14:11:12 -0500 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 1AFF72EFED3 for ; Fri, 19 Jan 2018 20:11:07 +0100 (CET) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 08C69DA860 for ; Fri, 19 Jan 2018 20:11:07 +0100 (CET) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id F2557DA85D; Fri, 19 Jan 2018 20:11:06 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 08B4ADA852; Fri, 19 Jan 2018 20:11:05 +0100 (CET) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Fri, 19 Jan 2018 20:11:05 +0100 (CET) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (barqueta.lsi.us.es [150.214.188.150]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id E5B5841E4817; Fri, 19 Jan 2018 20:11:04 +0100 (CET) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 21/32] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef Date: Fri, 19 Jan 2018 20:10:30 +0100 Message-Id: <20180119191041.25804-22-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180119191041.25804-1-pablo@netfilter.org> References: <20180119191041.25804-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Arnd Bergmann We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is disabled: net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag': net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct' net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag': net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct' Both functions already have an #ifdef for this, so let's move the check in there. Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set") Signed-off-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso --- net/ipv4/netfilter/nf_defrag_ipv4.c | 4 +++- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) -- 2.11.0 diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index cbd987f6b1f8..a0d3ad60a411 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv, if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) return NF_ACCEPT; #endif + if (skb->_nfct == IP_CT_UNTRACKED) + return NF_ACCEPT; #endif /* Gather fragments. */ - if (skb->_nfct != IP_CT_UNTRACKED && ip_is_fragment(ip_hdr(skb))) { + if (ip_is_fragment(ip_hdr(skb))) { enum ip_defrag_users user = nf_ct_defrag_user(state->hook, skb); diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c index 87b503a8f5ef..c87b48359e8f 100644 --- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c +++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c @@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv, /* Previously seen (loopback)? */ if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) return NF_ACCEPT; -#endif if (skb->_nfct == IP_CT_UNTRACKED) return NF_ACCEPT; +#endif err = nf_ct_frag6_gather(state->net, skb, nf_ct6_defrag_user(state->hook, skb));