All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
@ 2020-09-01 14:56 Eelco Chaudron
  2020-09-07 10:19 ` Simon Horman
  2020-09-08 10:22 ` Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Eelco Chaudron @ 2020-09-01 14:56 UTC (permalink / raw)
  To: netdev

The openvswitch module fails initialization when used in a kernel
without IPv6 enabled. nf_conncount_init() fails because the ct code
unconditionally tries to initialize the netns IPv6 related bit,
regardless of the build option. The change below ignores the IPv6
part if not enabled.

Note that the corresponding _put() function already has this IPv6
configuration check.

Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
---
 net/netfilter/nf_conntrack_proto.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 95f79980348c..47e9319d2cf3 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -565,6 +565,7 @@ static int nf_ct_netns_inet_get(struct net *net)
 	int err;
 
 	err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
+#if IS_ENABLED(CONFIG_IPV6)
 	if (err < 0)
 		goto err1;
 	err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
@@ -575,6 +576,7 @@ static int nf_ct_netns_inet_get(struct net *net)
 err2:
 	nf_ct_netns_put(net, NFPROTO_IPV4);
 err1:
+#endif
 	return err;
 }
 


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
  2020-09-01 14:56 [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled Eelco Chaudron
@ 2020-09-07 10:19 ` Simon Horman
  2020-09-08 10:22 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2020-09-07 10:19 UTC (permalink / raw)
  To: Eelco Chaudron; +Cc: Pablo Neira Ayuso, netdev, netfilter-devel

+ Pablo, netfilter-devel@vger.kernel.org

On Tue, Sep 01, 2020 at 04:56:02PM +0200, Eelco Chaudron wrote:
> The openvswitch module fails initialization when used in a kernel
> without IPv6 enabled. nf_conncount_init() fails because the ct code
> unconditionally tries to initialize the netns IPv6 related bit,
> regardless of the build option. The change below ignores the IPv6
> part if not enabled.
> 
> Note that the corresponding _put() function already has this IPv6
> configuration check.
> 
> Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
> Signed-off-by: Eelco Chaudron <echaudro@redhat.com>

Reviewed-by: Simon Horman <simon.horman@netronome.com>

> ---
>  net/netfilter/nf_conntrack_proto.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 95f79980348c..47e9319d2cf3 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -565,6 +565,7 @@ static int nf_ct_netns_inet_get(struct net *net)
>  	int err;
>  
>  	err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
> +#if IS_ENABLED(CONFIG_IPV6)
>  	if (err < 0)
>  		goto err1;
>  	err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
> @@ -575,6 +576,7 @@ static int nf_ct_netns_inet_get(struct net *net)
>  err2:
>  	nf_ct_netns_put(net, NFPROTO_IPV4);
>  err1:
> +#endif
>  	return err;
>  }
>  
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
  2020-09-01 14:56 [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled Eelco Chaudron
  2020-09-07 10:19 ` Simon Horman
@ 2020-09-08 10:22 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2020-09-08 10:22 UTC (permalink / raw)
  To: Eelco Chaudron; +Cc: netdev, netfilter-devel

On Tue, Sep 01, 2020 at 04:56:02PM +0200, Eelco Chaudron wrote:
> The openvswitch module fails initialization when used in a kernel
> without IPv6 enabled. nf_conncount_init() fails because the ct code
> unconditionally tries to initialize the netns IPv6 related bit,
> regardless of the build option. The change below ignores the IPv6
> part if not enabled.
> 
> Note that the corresponding _put() function already has this IPv6
> configuration check.

Applied to nf.git

Please, Cc: netfilter-devel@vger.kernel.org next time.

Thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-09-08 10:22 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-01 14:56 [PATCH net-net] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled Eelco Chaudron
2020-09-07 10:19 ` Simon Horman
2020-09-08 10:22 ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.