From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 20/26] netfilter: synproxy: fix building syncookie calls
Date: Tue, 25 Jun 2019 02:12:27 +0200 [thread overview]
Message-ID: <20190625001233.22057-21-pablo@netfilter.org> (raw)
In-Reply-To: <20190625001233.22057-1-pablo@netfilter.org>
From: Arnd Bergmann <arnd@arndb.de>
When either CONFIG_IPV6 or CONFIG_SYN_COOKIES are disabled, the kernel
fails to build:
include/linux/netfilter_ipv6.h:180:9: error: implicit declaration of function '__cookie_v6_init_sequence'
[-Werror,-Wimplicit-function-declaration]
return __cookie_v6_init_sequence(iph, th, mssp);
include/linux/netfilter_ipv6.h:194:9: error: implicit declaration of function '__cookie_v6_check'
[-Werror,-Wimplicit-function-declaration]
return __cookie_v6_check(iph, th, cookie);
net/ipv6/netfilter.c:237:26: error: use of undeclared identifier '__cookie_v6_init_sequence'; did you mean 'cookie_init_sequence'?
net/ipv6/netfilter.c:238:21: error: use of undeclared identifier '__cookie_v6_check'; did you mean '__cookie_v4_check'?
Fix the IS_ENABLED() checks to match the function declaration
and definitions for these.
Fixes: 3006a5224f15 ("netfilter: synproxy: remove module dependency on IPv6 SYNPROXY")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/linux/netfilter_ipv6.h | 14 ++++++++------
net/ipv6/netfilter.c | 2 ++
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 35b12525ee45..22e6398bc482 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -163,31 +163,33 @@ static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph,
const struct tcphdr *th,
u16 *mssp)
{
+#if IS_ENABLED(CONFIG_SYN_COOKIES)
#if IS_MODULE(CONFIG_IPV6)
const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();
if (v6_ops)
return v6_ops->cookie_init_sequence(iph, th, mssp);
-
- return 0;
-#else
+#elif IS_BUILTIN(CONFIG_IPV6)
return __cookie_v6_init_sequence(iph, th, mssp);
#endif
+#endif
+ return 0;
}
static inline int nf_cookie_v6_check(const struct ipv6hdr *iph,
const struct tcphdr *th, __u32 cookie)
{
+#if IS_ENABLED(CONFIG_SYN_COOKIES)
#if IS_MODULE(CONFIG_IPV6)
const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();
if (v6_ops)
return v6_ops->cookie_v6_check(iph, th, cookie);
-
- return 0;
-#else
+#elif IS_BUILTIN(CONFIG_IPV6)
return __cookie_v6_check(iph, th, cookie);
#endif
+#endif
+ return 0;
}
__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index dffb10fdc3e8..61819ed858b1 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -234,9 +234,11 @@ static const struct nf_ipv6_ops ipv6ops = {
.route_me_harder = ip6_route_me_harder,
.dev_get_saddr = ipv6_dev_get_saddr,
.route = __nf_ip6_route,
+#if IS_ENABLED(CONFIG_SYN_COOKIES)
.cookie_init_sequence = __cookie_v6_init_sequence,
.cookie_v6_check = __cookie_v6_check,
#endif
+#endif
.route_input = ip6_route_input,
.fragment = ip6_fragment,
.reroute = nf_ip6_reroute,
--
2.11.0
next prev parent reply other threads:[~2019-06-25 0:14 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-25 0:12 [PATCH 00/26] Netfilter updates for net-next Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 01/26] netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 02/26] netfilter: ipset: remove useless memset() calls Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 03/26] netfilter: ipset: merge uadd and udel functions Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 04/26] netfilter: ipset: fix a missing check of nla_parse Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 05/26] netfilter: ipset: Fix the last missing check of nla_parse_deprecated() Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 06/26] netfilter: ipset: Fix error path in set_target_v3_checkentry() Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 07/26] ipset: Fix memory accounting for hash types on resize Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 08/26] Update my email address Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 09/26] netfilter: nft_ct: add ct expectations support Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 10/26] netfilter: conntrack: small conntrack lookup optimization Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 11/26] netfilter: xt_owner: bail out with EINVAL in case of unsupported flags Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 12/26] netfilter: bridge: port sysctls to use brnf_net Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 13/26] netfilter: bridge: namespace bridge netfilter sysctls Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 14/26] netfilter: synproxy: add common uapi for SYNPROXY infrastructure Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 15/26] netfilter: synproxy: remove module dependency on IPv6 SYNPROXY Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 16/26] netfilter: synproxy: extract SYNPROXY infrastructure from {ipt, ip6t}_SYNPROXY Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 17/26] netfilter: synproxy: ensure zero is returned on non-error return path Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 18/26] netfilter: nft_ct: fix null pointer in ct expectations support Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 19/26] netfilter: nf_tables: enable set expiration time for set elements Pablo Neira Ayuso
2019-06-25 0:12 ` Pablo Neira Ayuso [this message]
2019-06-25 0:12 ` [PATCH 21/26] netfilter: synproxy: use nf_cookie_v6_check() from core Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 22/26] netfilter: bridge: prevent UAF in brnf_exit_net() Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 23/26] netfilter: fix nf_conntrack_bridge/ipv6 link error Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 24/26] netfilter: bridge: Fix non-untagged fragment packet Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 25/26] netfilter: synproxy: fix manual bump of the reference counter Pablo Neira Ayuso
2019-06-25 0:12 ` [PATCH 26/26] netfilter: nf_tables: add support for matching IPv4 options Pablo Neira Ayuso
2019-06-25 19:46 ` [PATCH 00/26] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190625001233.22057-21-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.