Skip to content

L
linux
Commit 0abc8bf4 authored by Jeremy Sowden's avatar Jeremy Sowden Committed by Pablo Neira Ayuso
Browse files
Options

netfilter: add missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files. 

struct nf_conn contains a "struct nf_conntrack ct_general" member and
struct net contains a "struct netns_ct ct" member which are both only
defined in CONFIG_NF_CONNTRACK is enabled.  These members are used in a
number of inline functions defined in other header-files.  Added
preprocessor checks to make sure the headers will compile if
CONFIG_NF_CONNTRACK is disabled.
Signed-off-by: default avatarJeremy Sowden <jeremy@azazel.net>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 47e640af
Show whitespace changes
Inline Side-by-side
Showing with 31 additions and 0 deletions
include/net/netfilter/nf_conntrack.h
View file @ 0abc8bf4
...@@ -59,6 +59,7 @@ struct nf_conntrack_net { ...@@ -59,6 +59,7 @@ struct nf_conntrack_net {
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h> #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
struct nf_conn { struct nf_conn {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
/* Usage count in here is 1 for hash table, 1 per skb, /* Usage count in here is 1 for hash table, 1 per skb,
* plus 1 for any connection(s) we are `master' for * plus 1 for any connection(s) we are `master' for
* *
...@@ -68,6 +69,7 @@ struct nf_conn { ...@@ -68,6 +69,7 @@ struct nf_conn {
* beware nf_ct_get() is different and don't inc refcnt. * beware nf_ct_get() is different and don't inc refcnt.
*/ */
struct nf_conntrack ct_general; struct nf_conntrack ct_general;
#endif
spinlock_t lock; spinlock_t lock;
/* jiffies32 when this ct is considered dead */ /* jiffies32 when this ct is considered dead */
...@@ -148,6 +150,8 @@ void nf_conntrack_alter_reply(struct nf_conn *ct, ...@@ -148,6 +150,8 @@ void nf_conntrack_alter_reply(struct nf_conn *ct,
int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
const struct nf_conn *ignored_conntrack); const struct nf_conn *ignored_conntrack);
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
#define NFCT_INFOMASK 7UL #define NFCT_INFOMASK 7UL
#define NFCT_PTRMASK ~(NFCT_INFOMASK) #define NFCT_PTRMASK ~(NFCT_INFOMASK)
...@@ -167,6 +171,8 @@ static inline void nf_ct_put(struct nf_conn *ct) ...@@ -167,6 +171,8 @@ static inline void nf_ct_put(struct nf_conn *ct)
nf_conntrack_put(&ct->ct_general); nf_conntrack_put(&ct->ct_general);
} }
#endif
/* Protocol module loading */ /* Protocol module loading */
int nf_ct_l3proto_try_module_get(unsigned short l3proto); int nf_ct_l3proto_try_module_get(unsigned short l3proto);
void nf_ct_l3proto_module_put(unsigned short l3proto); void nf_ct_l3proto_module_put(unsigned short l3proto);
...@@ -318,12 +324,16 @@ void nf_ct_tmpl_free(struct nf_conn *tmpl); ...@@ -318,12 +324,16 @@ void nf_ct_tmpl_free(struct nf_conn *tmpl);
u32 nf_ct_get_id(const struct nf_conn *ct); u32 nf_ct_get_id(const struct nf_conn *ct);
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
static inline void static inline void
nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info) nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
{ {
skb->_nfct = (unsigned long)ct | info; skb->_nfct = (unsigned long)ct | info;
} }
#endif
#define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count) #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count) #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v)) #define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v))
......
include/net/netfilter/nf_conntrack_acct.h
View file @ 0abc8bf4
...@@ -29,6 +29,7 @@ struct nf_conn_acct *nf_conn_acct_find(const struct nf_conn *ct) ...@@ -29,6 +29,7 @@ struct nf_conn_acct *nf_conn_acct_find(const struct nf_conn *ct)
static inline static inline
struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp) struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
struct net *net = nf_ct_net(ct); struct net *net = nf_ct_net(ct);
struct nf_conn_acct *acct; struct nf_conn_acct *acct;
...@@ -41,22 +42,34 @@ struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp) ...@@ -41,22 +42,34 @@ struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)
return acct; return acct;
#else
return NULL;
#endif
}; };
/* Check if connection tracking accounting is enabled */ /* Check if connection tracking accounting is enabled */
static inline bool nf_ct_acct_enabled(struct net *net) static inline bool nf_ct_acct_enabled(struct net *net)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
return net->ct.sysctl_acct != 0; return net->ct.sysctl_acct != 0;
#else
return false;
#endif
} }
/* Enable/disable connection tracking accounting */ /* Enable/disable connection tracking accounting */
static inline void nf_ct_set_acct(struct net *net, bool enable) static inline void nf_ct_set_acct(struct net *net, bool enable)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
net->ct.sysctl_acct = enable; net->ct.sysctl_acct = enable;
#endif
} }
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
void nf_conntrack_acct_pernet_init(struct net *net); void nf_conntrack_acct_pernet_init(struct net *net);
int nf_conntrack_acct_init(void); int nf_conntrack_acct_init(void);
void nf_conntrack_acct_fini(void); void nf_conntrack_acct_fini(void);
#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK) */
#endif /* _NF_CONNTRACK_ACCT_H */ #endif /* _NF_CONNTRACK_ACCT_H */
include/net/netfilter/nf_conntrack_l4proto.h
View file @ 0abc8bf4
...@@ -176,6 +176,7 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb, ...@@ -176,6 +176,7 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
const char *fmt, ...) { } const char *fmt, ...) { }
#endif /* CONFIG_SYSCTL */ #endif /* CONFIG_SYSCTL */
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
static inline struct nf_generic_net *nf_generic_pernet(struct net *net) static inline struct nf_generic_net *nf_generic_pernet(struct net *net)
{ {
return &net->ct.nf_ct_proto.generic; return &net->ct.nf_ct_proto.generic;
...@@ -200,6 +201,7 @@ static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net) ...@@ -200,6 +201,7 @@ static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net)
{ {
return &net->ct.nf_ct_proto.icmpv6; return &net->ct.nf_ct_proto.icmpv6;
} }
#endif
#ifdef CONFIG_NF_CT_PROTO_DCCP #ifdef CONFIG_NF_CT_PROTO_DCCP
static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net) static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)
......
include/net/netfilter/nf_conntrack_timestamp.h
View file @ 0abc8bf4
...@@ -40,12 +40,18 @@ struct nf_conn_tstamp *nf_ct_tstamp_ext_add(struct nf_conn *ct, gfp_t gfp) ...@@ -40,12 +40,18 @@ struct nf_conn_tstamp *nf_ct_tstamp_ext_add(struct nf_conn *ct, gfp_t gfp)
static inline bool nf_ct_tstamp_enabled(struct net *net) static inline bool nf_ct_tstamp_enabled(struct net *net)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
return net->ct.sysctl_tstamp != 0; return net->ct.sysctl_tstamp != 0;
#else
return false;
#endif
} }
static inline void nf_ct_set_tstamp(struct net *net, bool enable) static inline void nf_ct_set_tstamp(struct net *net, bool enable)
{ {
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
net->ct.sysctl_tstamp = enable; net->ct.sysctl_tstamp = enable;
#endif
} }
#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7