From: kaber@trash.net
To: davem@davemloft.net
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 24/26] netfilter: ipset: fix linking with CONFIG_IPV6=n
Date: Thu, 3 Feb 2011 00:12:02 +0100 [thread overview]
Message-ID: <1296688324-7830-25-git-send-email-kaber@trash.net> (raw)
In-Reply-To: <1296688324-7830-1-git-send-email-kaber@trash.net>
From: Patrick McHardy <kaber@trash.net>
Add a dummy ip_set_get_ip6_port function that unconditionally
returns false for CONFIG_IPV6=n and convert the real function
to ipv6_skip_exthdr() to avoid pulling in the ip6_tables module
when loading ipset.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
include/linux/netfilter/ipset/ip_set_getport.h | 10 ++++++++++
net/netfilter/ipset/ip_set_getport.c | 15 +++++++++------
2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set_getport.h b/include/linux/netfilter/ipset/ip_set_getport.h
index 694c433..3882a81 100644
--- a/include/linux/netfilter/ipset/ip_set_getport.h
+++ b/include/linux/netfilter/ipset/ip_set_getport.h
@@ -3,8 +3,18 @@
extern bool ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto);
+
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
extern bool ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto);
+#else
+static inline bool ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
+ __be16 *port, u8 *proto)
+{
+ return false;
+}
+#endif
+
extern bool ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src,
__be16 *port);
diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c
index 4dd2785..8d52272 100644
--- a/net/netfilter/ipset/ip_set_getport.c
+++ b/net/netfilter/ipset/ip_set_getport.c
@@ -13,6 +13,7 @@
#include <linux/icmpv6.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ip.h>
+#include <net/ipv6.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
@@ -93,21 +94,23 @@ ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
}
EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
bool
ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto)
{
- unsigned int protooff = 0;
- int protocol;
- unsigned short fragoff;
+ int protoff;
+ u8 nexthdr;
- protocol = ipv6_find_hdr(skb, &protooff, -1, &fragoff);
- if (protocol <= 0 || fragoff)
+ nexthdr = ipv6_hdr(skb)->nexthdr;
+ protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
+ if (protoff < 0)
return false;
- return get_port(skb, protocol, protooff, src, port, proto);
+ return get_port(skb, nexthdr, protoff, src, port, proto);
}
EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
+#endif
bool
ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
--
1.7.2.3
next prev parent reply other threads:[~2011-02-02 23:12 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-02 23:11 [PATCH 00/26] netfilter: netfilter update kaber
2011-02-02 23:11 ` [PATCH 01/26] netfilter: NFNL_SUBSYS_IPSET id and NLA_PUT_NET* macros kaber
2011-02-02 23:11 ` [PATCH 02/26] netfilter: ipset: IP set core support kaber
2011-02-02 23:11 ` [PATCH 03/26] netfilter: ipset: bitmap:ip set type support kaber
2011-02-02 23:11 ` [PATCH 04/26] netfilter: ipset: bitmap:ip,mac " kaber
2011-02-02 23:11 ` [PATCH 05/26] netfilter: ipset; bitmap:port set " kaber
2011-02-02 23:11 ` [PATCH 06/26] netfilter: ipset: hash:ip " kaber
2011-02-02 23:11 ` [PATCH 07/26] netfilter: ipset: hash:ip,port " kaber
2011-02-02 23:11 ` [PATCH 08/26] netfilter: ipset: hash:ip,port,ip " kaber
2011-02-02 23:11 ` [PATCH 09/26] netfilter: ipset: hash:ip,port,net " kaber
2011-02-02 23:11 ` [PATCH 10/26] netfilter: ipset: hash:net " kaber
2011-02-02 23:11 ` [PATCH 11/26] netfilter: ipset: hash:net,port " kaber
2011-02-02 23:11 ` [PATCH 12/26] netfilter: ipset: list:set " kaber
2011-02-02 23:11 ` [PATCH 13/26] netfilter: xtables: "set" match and "SET" target support kaber
2011-02-02 23:11 ` [PATCH 14/26] netfilter: ipset: use nla_parse_nested() kaber
2011-02-02 23:11 ` [PATCH 15/26] netfilter: ipset: remove unnecessary includes kaber
2011-02-02 23:11 ` [PATCH 16/26] netfilter: ctnetlink: fix ctnetlink_parse_tuple() warning kaber
2011-02-02 23:11 ` [PATCH 17/26] IPVS: use z modifier for sizeof() argument kaber
2011-02-02 23:11 ` [PATCH 18/26] IPVS: remove duplicate initialisation or rs_table kaber
2011-02-02 23:11 ` [PATCH 19/26] IPVS: Remove unused variables kaber
2011-02-02 23:11 ` [PATCH 20/26] IPVS: Allow compilation with CONFIG_SYSCTL disabled kaber
2011-02-02 23:11 ` [PATCH 21/26] IPVS: Remove ip_vs_sync_cleanup from section __exit kaber
2011-02-02 23:12 ` [PATCH 22/26] netfilter: ipset: install ipset related header files kaber
2011-02-02 23:12 ` [PATCH 23/26] netfilter: ipset: add missing break statemtns in ip_set_get_ip_port() kaber
2011-02-02 23:12 ` kaber [this message]
2011-02-02 23:12 ` [PATCH 25/26] netfilter: ipset: send error message manually kaber
2011-02-02 23:12 ` [PATCH 26/26] netfilter: xtables: add device group match kaber
2011-02-02 23:24 ` [PATCH 00/26] netfilter: netfilter update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1296688324-7830-25-git-send-email-kaber@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).