netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>,
	Jozsef Kadlecsik <kadlec@netfilter.org>,
	Florian Westphal <fw@strlen.de>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [PATCH nf-next v2 23/30] netfilter: wrap some nat-related conntrack code in a CONFIG_NF_NAT check.
Date: Tue,  3 Sep 2019 00:06:43 +0100	[thread overview]
Message-ID: <20190902230650.14621-24-jeremy@azazel.net> (raw)
In-Reply-To: <20190902230650.14621-1-jeremy@azazel.net>

nf_conntrack_update uses nf_nat_hook to do some nat stuff.  However, it
will only be not NULL if CONFIG_NF_NAT is enabled.  Wrap the code in a
CONFIG_NF_NAT check to skip it altogether.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nf_conntrack_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 81a8ef42b88d..c597b3e8450b 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1885,7 +1885,9 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
 	struct nf_conntrack_tuple_hash *h;
 	struct nf_conntrack_tuple tuple;
 	enum ip_conntrack_info ctinfo;
+#if IS_ENABLED(CONFIG_NF_NAT)
 	struct nf_nat_hook *nat_hook;
+#endif
 	unsigned int status;
 	struct nf_conn *ct;
 	int dataoff;
@@ -1935,6 +1937,7 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
 	ct = nf_ct_tuplehash_to_ctrack(h);
 	nf_ct_set(skb, ct, ctinfo);
 
+#if IS_ENABLED(CONFIG_NF_NAT)
 	nat_hook = rcu_dereference(nf_nat_hook);
 	if (!nat_hook)
 		return 0;
@@ -1948,6 +1951,7 @@ static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
 	    nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST,
 				IP_CT_DIR_ORIGINAL) == NF_DROP)
 		return -1;
+#endif
 
 	return 0;
 }
-- 
2.23.0.rc1


  parent reply	other threads:[~2019-09-02 23:32 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-02 23:06 [PATCH nf-next v2 00/30] Add config option checks to netfilter headers Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 01/30] netfilter: add include guard to nf_conntrack_h323_types.h Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 02/30] netfilter: add include guard to nf_conntrack_labels.h Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 03/30] netfilter: fix include guard comment Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 04/30] netfilter: add GPL-2.0 SPDX ID's to a couple of headers Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 05/30] netfilter: remove trailing white-space Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 06/30] netfilter: fix Kconfig formatting error Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 07/30] netfilter: remove stray semicolons Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 08/30] netfilter: remove unused function declarations Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 09/30] netfilter: remove unused includes Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 10/30] netfilter: include the right header in nf_conntrack_zones.h Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 11/30] netfilter: fix inclusions of <linux/netfilter/nf_nat.h> Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 12/30] netfilter: added missing includes Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 13/30] netfilter: inline three headers Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 14/30] netfilter: remove superfluous header Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 15/30] netfilter: move inline function to a more appropriate header Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 16/30] netfilter: move code between synproxy headers Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 17/30] netfilter: move struct definition function to a more appropriate header Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 18/30] netfilter: use consistent style when defining inline functions in nf_conntrack_ecache.h Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 19/30] netfilter: replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...) Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 20/30] netfilter: wrap union nf_conntrack_proto members in CONFIG_NF_CT_PROTO_* check Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 21/30] netfilter: wrap inline synproxy function in CONFIG_NETFILTER_SYNPROXY check Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 22/30] netfilter: wrap inline timeout function in CONFIG_NETFILTER_TIMEOUT check Jeremy Sowden
2019-09-02 23:06 ` Jeremy Sowden [this message]
2019-09-02 23:06 ` [PATCH nf-next v2 24/30] netfilter: wrap some ipv6 tables code in a CONFIG_NF_TABLES_IPV6 check Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 25/30] netfilter: wrap some conntrack code in a CONFIG_NF_CONNTRACK check Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 26/30] netfilter: add CONFIG_NETFILTER check to linux/netfilter.h Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 27/30] netfilter: add NF_TPROXY config option Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 28/30] netfilter: add IP_SET_BITMAP " Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 29/30] netfilter: add IP_SET_HASH " Jeremy Sowden
2019-09-02 23:06 ` [PATCH nf-next v2 30/30] netfilter: wrap headers in CONFIG checks Jeremy Sowden
2019-09-04 13:50   ` kbuild test robot
2019-09-04 19:05 ` [PATCH nf-next v2 00/30] Add config option checks to netfilter headers Pablo Neira Ayuso
2019-09-07 19:16   ` Jeremy Sowden
2019-09-08 18:14     ` Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190902230650.14621-24-jeremy@azazel.net \
    --to=jeremy@azazel.net \
    --cc=fw@strlen.de \
    --cc=kadlec@netfilter.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).