From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [PATCH nf-next 22/29] netfilter: wrap some nat-related conntrack code in a CONFIG_NF_NAT check.
Date: Sun, 1 Sep 2019 21:51:18 +0100
Message-ID: <20190901205126.6935-23-jeremy@azazel.net>
In-Reply-To: <20190901205126.6935-1-jeremy@azazel.net>
nf_conntrack_update uses nf_nat_hook to do some nat stuff. However, it
will only be not NULL if CONFIG_NF_NAT is enabled. Wrap the code in a
CONFIG_NF_NAT check to skip it altogether.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
net/netfilter/nf_conntrack_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 81a8ef42b88d..c597b3e8450b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1885,7 +1885,9 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple;
enum ip_conntrack_info ctinfo;
+#if IS_ENABLED(CONFIG_NF_NAT)
struct nf_nat_hook *nat_hook;
+#endif
unsigned int status;
struct nf_conn *ct;
int dataoff;
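Review bot: The `#if IS_ENABLED(CONFIG_NF_NAT)` / `#endif` pair around `struct nf_nat_hook *nat_hook;` puts a preprocessor conditional in the middle of the local declarations, which kernel coding style asks to avoid inside function bodies. Consider moving the NAT handling into a small static helper with an empty stub for the case where CONFIG_NF_NAT is disabled, so that `nat_hook` becomes a local of that helper and nf_conntrack_update needs no guard around a declaration.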
@@ -1935,6 +1937,7 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
ct = nf_ct_tuplehash_to_ctrack(h);
nf_ct_set(skb, ct, ctinfo);
+#if IS_ENABLED(CONFIG_NF_NAT)
nat_hook = rcu_dereference(nf_nat_hook);
if (!nat_hook)
return 0;
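Review bot: The `if (!nat_hook) return 0;` check directly under the new `#if IS_ENABLED(CONFIG_NF_NAT)` already handles a NULL hook at run time, so this guard does not change behaviour; it only compiles the NAT path out. The commit message should say that explicitly (dead-code removal rather than a fix), and should state whether a later patch in the series depends on the guard, for example because the `nf_nat_hook` declaration stops being visible without CONFIG_NF_NAT.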
@@ -1948,6 +1951,7 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST,
IP_CT_DIR_ORIGINAL) == NF_DROP)
return -1;
+#endif
return 0;
}
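Review bot: The closing `#endif` before the final `return 0;` carries no trailing comment, although the matching `#if` is in the previous hunk and the guarded region contains both a `return 0;` and a `return -1;`. Kernel coding style asks for the condition to be repeated after the `#endif` of a non-trivial block; suggest `#endif /* IS_ENABLED(CONFIG_NF_NAT) */` so the extent of the conditional is clear when reading the end of the function.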
--
2.23.0.rc1