]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Tue, 12 Dec 2006 08:28:40 +0000 (00:28 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Thu, 14 Dec 2006 00:48:20 +0000 (16:48 -0800)
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netfilter/nf_conntrack_compat.h
net/netfilter/xt_connmark.c
net/netfilter/xt_conntrack.c
net/netfilter/xt_helper.c
net/netfilter/xt_state.c

index f1b1482d7200a3a8a1d67e4c6cc41ba62167f125..b9ce5c80d9d5cc83087593f25b6e186ffdebb75d 100644 (file)
@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
        return (ct != NULL);
 }
 
+static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
+{
+       need_conntrack();
+       return l3proto == PF_INET ? 0 : -1;
+}
+
+static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
+{
+}
+
 #else /* CONFIG_IP_NF_CONNTRACK */
 
 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
index a8f03057dbdedd8c4887b0585ab48e60d1bd5b03..36c2defff238b193d7377b7e81dfa18d4705b007 100644 (file)
@@ -63,22 +63,18 @@ checkentry(const char *tablename,
                printk(KERN_WARNING "connmark: only support 32bit mark\n");
                return 0;
        }
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 #ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
 
 static int __init xt_connmark_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_connmark_match,
                                   ARRAY_SIZE(xt_connmark_match));
 }
index 0ea501a2fda5b03458ef0bdc510e36ef7f28660a..3dc2357b8de88dd163e62a18a90d17bee52db27e 100644 (file)
@@ -20,6 +20,7 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_conntrack.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
           void *matchinfo,
           unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
 
 static int __init xt_conntrack_init(void)
 {
-       need_conntrack();
        return xt_register_match(&conntrack_match);
 }
 
index 5d7818b73e3acf1547d264717c7381297fe4c510..04bc32ba719566651a8fc1c23c1498bca02da6ca 100644 (file)
@@ -24,6 +24,7 @@
 #endif
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_helper.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
 {
        struct xt_helper_info *info = matchinfo;
 
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        info->name[29] = '\0';
        return 1;
 }
@@ -157,9 +156,7 @@ static int check(const char *tablename,
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
 
 static int __init xt_helper_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_helper_match,
                                   ARRAY_SIZE(xt_helper_match));
 }
index d9010b16a1f97a4c7e3c5ba604c51c4f1d8e3642..df37b912163a61cd16d40ebcd7f5bf00bd08d6a5 100644 (file)
@@ -50,22 +50,18 @@ static int check(const char *tablename,
                 void *matchinfo,
                 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
 
 static int __init xt_state_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
 }