From: Patrick McHardy <kaber@trash.net>
To: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
linux-next@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
netfilter-devel@vger.kernel.org, Netdev <netdev@vger.kernel.org>
Subject: Re: linux-next: Tree for February 18 (netfilter)
Date: Thu, 18 Feb 2010 18:45:14 +0100 [thread overview]
Message-ID: <4B7D7CAA.1070605@trash.net> (raw)
In-Reply-To: <4B7D7617.9070600@oracle.com>
[-- Attachment #1: Type: text/plain, Size: 2148 bytes --]
Randy Dunlap wrote:
> On 02/18/10 09:03, Patrick McHardy wrote:
>> Randy Dunlap wrote:
>>> On 02/18/10 01:49, Stephen Rothwell wrote:
>>>> Hi all,
>>>>
>>>> Changes since 20100217:
>>>>
>>>> The net tree lost its build failure but gained a conflict against the kvm
>>>> tree.
>>>
>>> include/net/netfilter/nf_conntrack.h:94: error: field 'ct_general' has incomplete type
>>> include/net/netfilter/nf_conntrack.h:178: error: 'const struct sk_buff' has no member named 'nfct'
>>> include/net/netfilter/nf_conntrack.h:185: error: implicit declaration of function 'nf_conntrack_put'
>>> include/net/netfilter/nf_conntrack.h:294: error: 'const struct sk_buff' has no member named 'nfct'
>>> net/ipv4/netfilter/nf_defrag_ipv4.c:45: error: 'struct sk_buff' has no member named 'nfct'
>>> net/ipv4/netfilter/nf_defrag_ipv4.c:46: error: 'struct sk_buff' has no member named 'nfct'
>>>
>>> CONFIG_NF_CONNTRACK is not enabled
>>> but CONFIG_NF_DEFRAG_IPV4=y. It is "select"ed by
>>> NETFILTER_XT_MATCH_SOCKET and NETFILTER_XT_TARGET_TPROXY,
>>> both of which are enabled.
>>>
>>> Hm, NETFILTER_XT_MATCH_SOCKET depends on !NF_CONNTRACK || NF_CONNTRACK.
>>> Maybe NETFILTER_XT_TARGET_TPROXY needs to do that also. No, that would
>>> go against that config option's help text:
>> No, the problem is use of skb->nfct without CONFIG_NF_CONNTRACK.
>>
>> This patch should fix it.
>
> Nope:
>
> In file included from /lnx/src/NEXT/linux-next-20100218/include/net/netfilter/nf_conntrack_extend.h:4,
> from /lnx/src/NEXT/linux-next-20100218/include/net/netfilter/nf_conntrack_zones.h:4,
> from /lnx/src/NEXT/linux-next-20100218/net/ipv4/netfilter/nf_defrag_ipv4.c:19:
> /lnx/src/NEXT/linux-next-20100218/include/net/netfilter/nf_conntrack.h:94: error: field 'ct_general' has incomplete type
> /lnx/src/NEXT/linux-next-20100218/include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
Ah I see, we must not include nf_conntrack.h at all. Eventually
we need to fix this properly by making nf_conntrack.h usable
even with NF_CONNTRACK=n, but that's a more complicated change.
This patch works fine for me using your config:
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1766 bytes --]
diff --git a/include/net/netfilter/nf_conntrack_zones.h b/include/net/netfilter/nf_conntrack_zones.h
index 0bbb2bd..034efe8 100644
--- a/include/net/netfilter/nf_conntrack_zones.h
+++ b/include/net/netfilter/nf_conntrack_zones.h
@@ -1,10 +1,11 @@
#ifndef _NF_CONNTRACK_ZONES_H
#define _NF_CONNTRACK_ZONES_H
-#include <net/netfilter/nf_conntrack_extend.h>
-
#define NF_CT_DEFAULT_ZONE 0
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#include <net/netfilter/nf_conntrack_extend.h>
+
struct nf_conntrack_zone {
u16 id;
};
@@ -20,4 +21,5 @@ static inline u16 nf_ct_zone(const struct nf_conn *ct)
return NF_CT_DEFAULT_ZONE;
}
+#endif /* CONFIG_NF_CONNTRACK || CONFIG_NF_CONNTRACK_MODULE */
#endif /* _NF_CONNTRACK_ZONES_H */
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index d498a70..cb763ae 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -16,9 +16,11 @@
#include <linux/netfilter_bridge.h>
#include <linux/netfilter_ipv4.h>
-#include <net/netfilter/nf_conntrack_zones.h>
#include <net/netfilter/ipv4/nf_defrag_ipv4.h>
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netfilter/nf_conntrack.h>
+#endif
+#include <net/netfilter/nf_conntrack_zones.h>
/* Returns new sk_buff, or NULL */
static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
@@ -42,8 +44,10 @@ static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
{
u16 zone = NF_CT_DEFAULT_ZONE;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (skb->nfct)
zone = nf_ct_zone((struct nf_conn *)skb->nfct);
+#endif
#ifdef CONFIG_BRIDGE_NETFILTER
if (skb->nf_bridge &&
next prev parent reply other threads:[~2010-02-18 17:45 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-18 9:49 linux-next: Tree for February 18 Stephen Rothwell
2010-02-18 16:35 ` linux-next: Tree for February 18 (media/video/gspca) Randy Dunlap
2010-02-18 16:38 ` linux-next: Tree for February 18 (staging) Randy Dunlap
2010-02-18 16:54 ` linux-next: Tree for February 18 (netfilter) Randy Dunlap
2010-02-18 17:03 ` Patrick McHardy
2010-02-18 17:17 ` Randy Dunlap
2010-02-18 17:45 ` Patrick McHardy [this message]
2010-02-18 17:50 ` Randy Dunlap
2010-02-18 18:04 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B7D7CAA.1070605@trash.net \
--to=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.