From patchwork Mon Jan 15 15:49:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 124535 Delivered-To: patch@linaro.org Received: by 10.46.64.148 with SMTP id r20csp711102lje; Mon, 15 Jan 2018 07:50:07 -0800 (PST) X-Google-Smtp-Source: ACJfBotv5DsZ1fGCf+QjoyrQ0S4CGwtZvhAVr5W3ELOg+W7YRmr0IuT7ubuIvPjJppXWMP4kqRk5 X-Received: by 10.98.93.65 with SMTP id r62mr22792405pfb.55.1516031406856; Mon, 15 Jan 2018 07:50:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516031406; cv=none; d=google.com; s=arc-20160816; b=bpKrzu53iVHJ7CKxxy78Nmkosrdz9JqXVyH3O2kD5PaB0zb687NH3gtZlgkzXNq/f1 f5i1eTRnGvcAaqurBa5+w593lEkSBB8T98BvFkDoCWedVWwzS3UKdaecndM7um9KjBJC zlbR7qXVivN99B5diTm9kPsTD1UuS4dPA91d+jsVIYui8pPkpXPqToU4HrgAKLzFr0p9 W9jwWJiU3RFlq71CFGZ3uqDuo/3oHdn3IklWZYzpkF1v0FI6hn+okej2JcgYB/IIzESx JSsWBaWg3JliQkdjjQUDRO0aftm6H8T5+FDEWKjZz51h99bAAwn0NmuWkPTuS47QWdTT i7YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=979S9Wtm0QxrmTSEU17/2UZVkxHeTxpGZnrgu2C6Iuk=; b=Aks2CpR5FT+Xqd0lYs+bObteqsDfyqNsBEhEQHOiBLaqiPa6jgEftkR6NtOs2QOY6Y kDj7ROAJJBzoHhSYCWovgPlgpMWfSdMbyC5o3DtODfpkib7N5Vi5tsb0SxKmu4eyIAed JdhcI7bcp2HhVJ+LfXdNBXtsNKBdm+6C2cnr4mH8Q3tn3V9Vji6ONg+GAI/FTSXT/Iog hUnghrb8fByHeBk4L4lk0IWPFSPB5jhGlV+HJuOP10ILkV4B8+dgt0M4OiU+O5Yd9AK+ RoJUXmRzdiAmFqUTTiBTRR8C5sQob8Ena6DEN9lrOsCYsPwbL0351yM03KSNbhRNSskS teFA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t70si15582506pgd.13.2018.01.15.07.50.06; Mon, 15 Jan 2018 07:50:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966493AbeAOPuE (ORCPT + 28 others); Mon, 15 Jan 2018 10:50:04 -0500 Received: from mout.kundenserver.de ([212.227.17.10]:54898 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934920AbeAOPt6 (ORCPT ); Mon, 15 Jan 2018 10:49:58 -0500 Received: from wuerfel.lan ([95.208.111.237]) by mrelayeu.kundenserver.de (mreue104 [212.227.15.145]) with ESMTPA (Nemesis) id 0Lm4GH-1fARhR43VJ-00ZhCC; Mon, 15 Jan 2018 16:49:37 +0100 From: Arnd Bergmann To: Subash Abhinov Kasiviswanathan , Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI Cc: Arnd Bergmann , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH net-next 2/2] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef Date: Mon, 15 Jan 2018 16:49:06 +0100 Message-Id: <20180115154918.4176669-2-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20180115154918.4176669-1-arnd@arndb.de> References: <20180115154918.4176669-1-arnd@arndb.de> X-Provags-ID: V03:K0:QAXX7GnLdrScys7zsROL816K4N+D7ePLK24bZjBorIwPBGI3YN9 wnmIVpFvQOgdhY9LNpH6QrlQIHiCu9lG62po1IVZNPx8UVosk1JgxM+EANizARW/O7d2TYS 8n8QaXZCNu4IW72SNbwg7W7FbQZeS+nDQSUlVMXJMQ0GymCRGX62vq7ogDiPGXmJMb10Ub3 ZC+PPLFHdCOvXsxkh7+8g== X-UI-Out-Filterresults: notjunk:1; V01:K0:uH0vtpYUeME=:k/iEJcn7ZaNXSYkJNFQwzC LfoZmNxs7ne+jRsDuSrvBGePQq8NGGE7Jnl8ThSGZolq4tJSwFkVipw27BYJApv92jH5zpGh+ sQvh+dxaqCauyhR6e6oMpWwtPr3xuSHId+jFWGd02a+7ZEMeXHhE2XoLP6dNB/59k0//KwNHj lf0rhTOIuRCGtU4ZudqxQBP3zx+TdLGxVx+Gw3NefsUAq+VSbaj2Bo8PrtMPYG1WYW6SebGwc OfOzx7hbK65I9kKsvP9OYgviyF9hiBZYv4w2a3Y+KrXT7rsqPWWw5IGq8CllG1YoED7mhgERZ nDnxlC8YCc+JI1JJyKw6nk0RikC+dX1iZAwXPqgOvCIBiYVjFkTxqQFQpQ8MwTOIyugW/vIS6 bQNEnwUsjWSvILFVkDBKjiWmCkXvlsWcd6a/W0uAQXsOpmb9d/FT2WsTc4TLY6KQvnRjXWD4x JODY89Z+FUHb9ilSyQHbInDO1f19piWTch+aQL3WAFliFYPxdI1H/j937sJWS5t1wh1xDwbDr h0ifoCCCC3mXyNrShHt6Tks95oweHCDGnLLSb8OC/gUPBcfw58MO1MEZdHUi7sJuiJIUi/81f L/L6OxbiT23L0fWmF5P/OeRrDjDndpKIy2POZVoixKVF6WcfJhfzRAoVjfHzM8xqNbioHRNGX 9lmbmhj9TcMDLs5du0nz5TD2nFsIFx7ZIPVqmydTHwzy3eNLcvdf3jvg4rTAs56MVB2xHtOjJ 0f1h9Sv4S4gP0TWe1pB1/87S+kWRkFl7aQioDg== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is disabled: net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag': net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct' net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag': net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct' Both functions already have an #ifdef for this, so let's move the check in there. Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set") Signed-off-by: Arnd Bergmann --- Please double-check what the right behavior for !CONFIG_NF_CONNTRACK should be, I was only guessing here. --- net/ipv4/netfilter/nf_defrag_ipv4.c | 4 +++- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) -- 2.9.0 diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index cbd987f6b1f8..a0d3ad60a411 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv, if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) return NF_ACCEPT; #endif + if (skb->_nfct == IP_CT_UNTRACKED) + return NF_ACCEPT; #endif /* Gather fragments. */ - if (skb->_nfct != IP_CT_UNTRACKED && ip_is_fragment(ip_hdr(skb))) { + if (ip_is_fragment(ip_hdr(skb))) { enum ip_defrag_users user = nf_ct_defrag_user(state->hook, skb); diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c index 87b503a8f5ef..c87b48359e8f 100644 --- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c +++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c @@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv, /* Previously seen (loopback)? */ if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) return NF_ACCEPT; -#endif if (skb->_nfct == IP_CT_UNTRACKED) return NF_ACCEPT; +#endif err = nf_ct_frag6_gather(state->net, skb, nf_ct6_defrag_user(state->hook, skb));