Commit 41e4b391 authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Pablo Neira Ayuso

netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef

We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is
disabled:

net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag':
net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct'
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag':
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct'

Both functions already have an #ifdef for this, so let's move the
check in there.

Fixes: 902d6a4c ("netfilter: nf_defrag: Skip defrag if NOTRACK is set")
Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b069b37a
...@@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv, ...@@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
return NF_ACCEPT; return NF_ACCEPT;
#endif #endif
if (skb->_nfct == IP_CT_UNTRACKED)
return NF_ACCEPT;
#endif #endif
/* Gather fragments. */ /* Gather fragments. */
if (skb->_nfct != IP_CT_UNTRACKED && ip_is_fragment(ip_hdr(skb))) { if (ip_is_fragment(ip_hdr(skb))) {
enum ip_defrag_users user = enum ip_defrag_users user =
nf_ct_defrag_user(state->hook, skb); nf_ct_defrag_user(state->hook, skb);
......
...@@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv, ...@@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv,
/* Previously seen (loopback)? */ /* Previously seen (loopback)? */
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb))) if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
return NF_ACCEPT; return NF_ACCEPT;
#endif
if (skb->_nfct == IP_CT_UNTRACKED) if (skb->_nfct == IP_CT_UNTRACKED)
return NF_ACCEPT; return NF_ACCEPT;
#endif
err = nf_ct_frag6_gather(state->net, skb, err = nf_ct_frag6_gather(state->net, skb,
nf_ct6_defrag_user(state->hook, skb)); nf_ct6_defrag_user(state->hook, skb));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment