From patchwork Tue Jun 25 00:12:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 167667 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp4842146ilk; Mon, 24 Jun 2019 17:14:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqxLtCOw9xPDIpVebt7voX0neEmlNahjzK9VaWgA+rXfCeSgQ9gcGZ51V97pkL52aJWb2b1q X-Received: by 2002:a17:902:ac88:: with SMTP id h8mr73582362plr.12.1561421644419; Mon, 24 Jun 2019 17:14:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561421644; cv=none; d=google.com; s=arc-20160816; b=VRuJqIyGMNtcCn66DvU8izo1eCv15Po1Piuur9jafp1OKPfmrhFEeMhvaYRs5DpAFq 4u7bPQUvi1PeU4ff+mWSFXHInLRzAvwi90YNkSYcjxr95wquu5Kta+mrmT+pI0EmDh42 3LqFX5vXx9/nMWQ1zXSrOWYjo1lfDiLAW93uvNzctx8p1Ru6EBQn1EyGAZCJ3XwV7ymp X0cJJM4esKIKt4D0lzBzRjT+p+YN1oMzEXSWyeb9wtwp0yg+d0uVy+jGAotk7lqcaHIe yKIpNy0ZJz/UAZVFrUO57rOUac8e9MDmFVm49YzXQVc67YUorGNn01FSS2jAeqEiUFZn fcBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=YOwpzW1Wz3pmk8+JENvPzfp0R43pKD25IuCy2qFqtc0=; b=SFvaGGnhc0H2mRudD52LGeznWA+R88wacEpNIr7iK5OZAsbKpIcaZjht2molmqFH0S TYFClmXOjXimtmVEXC4P7dvrAKaWy5R9lWDdum7i3vSG/ABwVwryO8pewx6/WSWvha2p DHf8M8f0bDUV9IdX2yWXukwq7ftV7Z2kbxQ0WBdjPDY/6FN7i2a81BiivP4zuQzlq6xl 0s2fVnjdNZdjjEJr/J+qYklR3w7jmKv0wy1Yns+jnQ2J2M3QBMXzT1gdjafIyay0G/kt 79BcSPtopMht7DyHXR4DqhqFVou8E945RDqS4cpHaObPK54VnBJFbXlmzPSzb7XlKi6e xW7w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d3si11474055pgc.299.2019.06.24.17.14.04; Mon, 24 Jun 2019 17:14:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729972AbfFYAOD (ORCPT + 9 others); Mon, 24 Jun 2019 20:14:03 -0400 Received: from mail.us.es ([193.147.175.20]:38068 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729453AbfFYAMz (ORCPT ); Mon, 24 Jun 2019 20:12:55 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 746C7C04B8 for ; Tue, 25 Jun 2019 02:12:53 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 6093DDA701 for ; Tue, 25 Jun 2019 02:12:53 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id 562F7DA704; Tue, 25 Jun 2019 02:12:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 4BEFCDA701; Tue, 25 Jun 2019 02:12:51 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Tue, 25 Jun 2019 02:12:51 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 1EAFC4265A2F; Tue, 25 Jun 2019 02:12:51 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 20/26] netfilter: synproxy: fix building syncookie calls Date: Tue, 25 Jun 2019 02:12:27 +0200 Message-Id: <20190625001233.22057-21-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190625001233.22057-1-pablo@netfilter.org> References: <20190625001233.22057-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Arnd Bergmann When either CONFIG_IPV6 or CONFIG_SYN_COOKIES are disabled, the kernel fails to build: include/linux/netfilter_ipv6.h:180:9: error: implicit declaration of function '__cookie_v6_init_sequence' [-Werror,-Wimplicit-function-declaration] return __cookie_v6_init_sequence(iph, th, mssp); include/linux/netfilter_ipv6.h:194:9: error: implicit declaration of function '__cookie_v6_check' [-Werror,-Wimplicit-function-declaration] return __cookie_v6_check(iph, th, cookie); net/ipv6/netfilter.c:237:26: error: use of undeclared identifier '__cookie_v6_init_sequence'; did you mean 'cookie_init_sequence'? net/ipv6/netfilter.c:238:21: error: use of undeclared identifier '__cookie_v6_check'; did you mean '__cookie_v4_check'? Fix the IS_ENABLED() checks to match the function declaration and definitions for these. Fixes: 3006a5224f15 ("netfilter: synproxy: remove module dependency on IPv6 SYNPROXY") Signed-off-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter_ipv6.h | 14 ++++++++------ net/ipv6/netfilter.c | 2 ++ 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.11.0 diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 35b12525ee45..22e6398bc482 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h @@ -163,31 +163,33 @@ static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph, const struct tcphdr *th, u16 *mssp) { +#if IS_ENABLED(CONFIG_SYN_COOKIES) #if IS_MODULE(CONFIG_IPV6) const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); if (v6_ops) return v6_ops->cookie_init_sequence(iph, th, mssp); - - return 0; -#else +#elif IS_BUILTIN(CONFIG_IPV6) return __cookie_v6_init_sequence(iph, th, mssp); #endif +#endif + return 0; } static inline int nf_cookie_v6_check(const struct ipv6hdr *iph, const struct tcphdr *th, __u32 cookie) { +#if IS_ENABLED(CONFIG_SYN_COOKIES) #if IS_MODULE(CONFIG_IPV6) const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); if (v6_ops) return v6_ops->cookie_v6_check(iph, th, cookie); - - return 0; -#else +#elif IS_BUILTIN(CONFIG_IPV6) return __cookie_v6_check(iph, th, cookie); #endif +#endif + return 0; } __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index dffb10fdc3e8..61819ed858b1 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -234,9 +234,11 @@ static const struct nf_ipv6_ops ipv6ops = { .route_me_harder = ip6_route_me_harder, .dev_get_saddr = ipv6_dev_get_saddr, .route = __nf_ip6_route, +#if IS_ENABLED(CONFIG_SYN_COOKIES) .cookie_init_sequence = __cookie_v6_init_sequence, .cookie_v6_check = __cookie_v6_check, #endif +#endif .route_input = ip6_route_input, .fragment = ip6_fragment, .reroute = nf_ip6_reroute, From patchwork Tue Jun 25 00:12:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Pablo Neira Ayuso X-Patchwork-Id: 167666 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp4841434ilk; Mon, 24 Jun 2019 17:13:06 -0700 (PDT) X-Google-Smtp-Source: APXvYqw5LEqHHcQ+zpfN6SWyhrwaXmk6WeMfhq0sa6Y9PubbMqgjW47e6sbffO+5+bAxSlWhMKEm X-Received: by 2002:a63:4419:: with SMTP id r25mr36920070pga.247.1561421586664; Mon, 24 Jun 2019 17:13:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561421586; cv=none; d=google.com; s=arc-20160816; b=Oatei7Ql4GakNDZzeF7esIhPfN/+HB98ShidRQKHHpDdIif2J07Wn5Ts/hXCjYiyrM huZiFu/lOHVS5+PDaSc1T7iym6oYqJPH6bsZ4qx2MJR01AI90ztbHvrcYPrlJx0k3LHC Sjozk+cBfr3eKyDJR5urnK+/dpAl3WO5+cdw1JKAYqCdSxrJ38JjQaveIEw0Sc/WSTDW T18EM0X1OtQr3hn8ZjdNjusfAbXkUR2G9NbPqCdWFv0sStDajSX0zsl7ZaY3m7PQC7wP 7/IE9qnDpCogQyNsLMyNturJayElPlR1QMWk3QzCDCtVRAGeUPZJAEoqQO3DcwPOt/Hj W6GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from; bh=XBnP4RrO3JdJdldh8HW625HeCSMS+LCnzu3W5/iz72U=; b=MOQIQrL88uZRVoYbdpJDPp2l87+vyfiixI6st2EnirW/k7DTt1v5qbq1Gr2GO9Pm6/ rUMjV54UM0XhZCh6nEDgpKFgrCrUR0TiaYTdQ/h7aldRi2srIH+K9xNm3jcEjaXohgsI hrkeuycJYE/vGTaZBHprVfu4QGfvGT2YMRH4z+F9UgIPVJsT01a7EKLh4XdOPajVcHq/ eQn8BLjanud2pRa8m9q+QGyEyHvHvR5k454sJt9GeIVXRoNjPjeYVuu2NXx4MtjDrw6F Bssu+0+cCE0CNMIYp/WPEoUvabL6n350didBahYsryvUSGtQqsgC/DmJ/6IZF+kHxrEh rQUg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k25si2446305pgb.36.2019.06.24.17.13.06; Mon, 24 Jun 2019 17:13:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729550AbfFYAM7 (ORCPT + 9 others); Mon, 24 Jun 2019 20:12:59 -0400 Received: from mail.us.es ([193.147.175.20]:38014 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729481AbfFYAM4 (ORCPT ); Mon, 24 Jun 2019 20:12:56 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id E5B42C04AC for ; Tue, 25 Jun 2019 02:12:54 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id D5F7ADA70B for ; Tue, 25 Jun 2019 02:12:54 +0200 (CEST) Received: by antivirus1-rhel7.int (Postfix, from userid 99) id CB82FDA708; Tue, 25 Jun 2019 02:12:54 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on antivirus1-rhel7.int X-Spam-Level: X-Spam-Status: No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50, SMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1 Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id C9151DA702; Tue, 25 Jun 2019 02:12:52 +0200 (CEST) Received: from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int (F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); Tue, 25 Jun 2019 02:12:52 +0200 (CEST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int) Received: from salvia.here (sys.soleta.eu [212.170.55.40]) (Authenticated sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id A07744265A2F; Tue, 25 Jun 2019 02:12:52 +0200 (CEST) X-SMTPAUTHUS: auth mail.us.es From: Pablo Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 23/26] netfilter: fix nf_conntrack_bridge/ipv6 link error Date: Tue, 25 Jun 2019 02:12:30 +0200 Message-Id: <20190625001233.22057-24-pablo@netfilter.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20190625001233.22057-1-pablo@netfilter.org> References: <20190625001233.22057-1-pablo@netfilter.org> X-Virus-Scanned: ClamAV using ClamSMTP Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Arnd Bergmann When CONFIG_IPV6 is disabled, the bridge netfilter code produces a link error: ERROR: "br_ip6_fragment" [net/bridge/netfilter/nf_conntrack_bridge.ko] undefined! ERROR: "nf_ct_frag6_gather" [net/bridge/netfilter/nf_conntrack_bridge.ko] undefined! The problem is that it assumes that whenever IPV6 is not a loadable module, we can call the functions direction. This is clearly not true when IPV6 is disabled. There are two other functions defined like this in linux/netfilter_ipv6.h, so change them all the same way. Fixes: 764dd163ac92 ("netfilter: nf_conntrack_bridge: add support for IPv6") Signed-off-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter_ipv6.h | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) -- 2.11.0 diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 22e6398bc482..7beb681e1ce5 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h @@ -75,8 +75,10 @@ static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr, return 1; return v6_ops->chk_addr(net, addr, dev, strict); -#else +#elif IS_BUILTIN(CONFIG_IPV6) return ipv6_chk_addr(net, addr, dev, strict); +#else + return 1; #endif } @@ -113,8 +115,10 @@ static inline int nf_ipv6_br_defrag(struct net *net, struct sk_buff *skb, return 1; return v6_ops->br_defrag(net, skb, user); -#else +#elif IS_BUILTIN(CONFIG_IPV6) return nf_ct_frag6_gather(net, skb, user); +#else + return 1; #endif } @@ -138,8 +142,10 @@ static inline int nf_br_ip6_fragment(struct net *net, struct sock *sk, return 1; return v6_ops->br_fragment(net, sk, skb, data, output); -#else +#elif IS_BUILTIN(CONFIG_IPV6) return br_ip6_fragment(net, sk, skb, data, output); +#else + return 1; #endif } @@ -154,8 +160,10 @@ static inline int nf_ip6_route_me_harder(struct net *net, struct sk_buff *skb) return -EHOSTUNREACH; return v6_ops->route_me_harder(net, skb); -#else +#elif IS_BUILTIN(CONFIG_IPV6) return ip6_route_me_harder(net, skb); +#else + return -EHOSTUNREACH; #endif }