[NETFILTER]: nf_conntrack: don't use nfct in skb if conntrack is disabled
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
e6f689db51
commit
5f79e0f916
|
@ -281,9 +281,6 @@ extern void nf_reinject(struct sk_buff *skb,
|
||||||
struct nf_info *info,
|
struct nf_info *info,
|
||||||
unsigned int verdict);
|
unsigned int verdict);
|
||||||
|
|
||||||
extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *);
|
|
||||||
extern void nf_ct_attach(struct sk_buff *, struct sk_buff *);
|
|
||||||
|
|
||||||
/* FIXME: Before cache is ever used, this must be implemented for real. */
|
/* FIXME: Before cache is ever used, this must be implemented for real. */
|
||||||
extern void nf_invalidate_cache(int pf);
|
extern void nf_invalidate_cache(int pf);
|
||||||
|
|
||||||
|
@ -388,11 +385,17 @@ static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb,
|
||||||
{
|
{
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
|
|
||||||
struct flowi;
|
struct flowi;
|
||||||
static inline void
|
static inline void
|
||||||
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}
|
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}
|
||||||
#endif /*CONFIG_NETFILTER*/
|
#endif /*CONFIG_NETFILTER*/
|
||||||
|
|
||||||
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
|
extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *);
|
||||||
|
extern void nf_ct_attach(struct sk_buff *, struct sk_buff *);
|
||||||
|
#else
|
||||||
|
static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /*__KERNEL__*/
|
#endif /*__KERNEL__*/
|
||||||
#endif /*__LINUX_NETFILTER_H*/
|
#endif /*__LINUX_NETFILTER_H*/
|
||||||
|
|
|
@ -87,11 +87,12 @@
|
||||||
|
|
||||||
struct net_device;
|
struct net_device;
|
||||||
|
|
||||||
#ifdef CONFIG_NETFILTER
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
struct nf_conntrack {
|
struct nf_conntrack {
|
||||||
atomic_t use;
|
atomic_t use;
|
||||||
void (*destroy)(struct nf_conntrack *);
|
void (*destroy)(struct nf_conntrack *);
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_BRIDGE_NETFILTER
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
||||||
struct nf_bridge_info {
|
struct nf_bridge_info {
|
||||||
|
@ -106,8 +107,6 @@ struct nf_bridge_info {
|
||||||
};
|
};
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct sk_buff_head {
|
struct sk_buff_head {
|
||||||
/* These two members must be first. */
|
/* These two members must be first. */
|
||||||
struct sk_buff *next;
|
struct sk_buff *next;
|
||||||
|
@ -276,15 +275,13 @@ struct sk_buff {
|
||||||
__be16 protocol;
|
__be16 protocol;
|
||||||
|
|
||||||
void (*destructor)(struct sk_buff *skb);
|
void (*destructor)(struct sk_buff *skb);
|
||||||
#ifdef CONFIG_NETFILTER
|
|
||||||
struct nf_conntrack *nfct;
|
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
|
struct nf_conntrack *nfct;
|
||||||
struct sk_buff *nfct_reasm;
|
struct sk_buff *nfct_reasm;
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_BRIDGE_NETFILTER
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
||||||
struct nf_bridge_info *nf_bridge;
|
struct nf_bridge_info *nf_bridge;
|
||||||
#endif
|
#endif
|
||||||
#endif /* CONFIG_NETFILTER */
|
|
||||||
#ifdef CONFIG_NET_SCHED
|
#ifdef CONFIG_NET_SCHED
|
||||||
__u16 tc_index; /* traffic control index */
|
__u16 tc_index; /* traffic control index */
|
||||||
#ifdef CONFIG_NET_CLS_ACT
|
#ifdef CONFIG_NET_CLS_ACT
|
||||||
|
@ -1558,7 +1555,7 @@ static inline unsigned int skb_checksum_complete(struct sk_buff *skb)
|
||||||
__skb_checksum_complete(skb);
|
__skb_checksum_complete(skb);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_NETFILTER
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
|
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
|
||||||
{
|
{
|
||||||
if (nfct && atomic_dec_and_test(&nfct->use))
|
if (nfct && atomic_dec_and_test(&nfct->use))
|
||||||
|
@ -1569,7 +1566,6 @@ static inline void nf_conntrack_get(struct nf_conntrack *nfct)
|
||||||
if (nfct)
|
if (nfct)
|
||||||
atomic_inc(&nfct->use);
|
atomic_inc(&nfct->use);
|
||||||
}
|
}
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
|
||||||
static inline void nf_conntrack_get_reasm(struct sk_buff *skb)
|
static inline void nf_conntrack_get_reasm(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
if (skb)
|
if (skb)
|
||||||
|
@ -1595,9 +1591,9 @@ static inline void nf_bridge_get(struct nf_bridge_info *nf_bridge)
|
||||||
#endif /* CONFIG_BRIDGE_NETFILTER */
|
#endif /* CONFIG_BRIDGE_NETFILTER */
|
||||||
static inline void nf_reset(struct sk_buff *skb)
|
static inline void nf_reset(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
nf_conntrack_put(skb->nfct);
|
nf_conntrack_put(skb->nfct);
|
||||||
skb->nfct = NULL;
|
skb->nfct = NULL;
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
|
||||||
nf_conntrack_put_reasm(skb->nfct_reasm);
|
nf_conntrack_put_reasm(skb->nfct_reasm);
|
||||||
skb->nfct_reasm = NULL;
|
skb->nfct_reasm = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
@ -1610,10 +1606,10 @@ static inline void nf_reset(struct sk_buff *skb)
|
||||||
/* Note: This doesn't put any conntrack and bridge info in dst. */
|
/* Note: This doesn't put any conntrack and bridge info in dst. */
|
||||||
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
||||||
{
|
{
|
||||||
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
dst->nfct = src->nfct;
|
dst->nfct = src->nfct;
|
||||||
nf_conntrack_get(src->nfct);
|
nf_conntrack_get(src->nfct);
|
||||||
dst->nfctinfo = src->nfctinfo;
|
dst->nfctinfo = src->nfctinfo;
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
|
||||||
dst->nfct_reasm = src->nfct_reasm;
|
dst->nfct_reasm = src->nfct_reasm;
|
||||||
nf_conntrack_get_reasm(src->nfct_reasm);
|
nf_conntrack_get_reasm(src->nfct_reasm);
|
||||||
#endif
|
#endif
|
||||||
|
@ -1625,8 +1621,8 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
||||||
|
|
||||||
static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
||||||
{
|
{
|
||||||
nf_conntrack_put(dst->nfct);
|
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
|
nf_conntrack_put(dst->nfct);
|
||||||
nf_conntrack_put_reasm(dst->nfct_reasm);
|
nf_conntrack_put_reasm(dst->nfct_reasm);
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_BRIDGE_NETFILTER
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
||||||
|
@ -1635,12 +1631,6 @@ static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src)
|
||||||
__nf_copy(dst, src);
|
__nf_copy(dst, src);
|
||||||
}
|
}
|
||||||
|
|
||||||
#else /* CONFIG_NETFILTER */
|
|
||||||
static inline void nf_reset(struct sk_buff *skb) {}
|
|
||||||
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) {}
|
|
||||||
static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) {}
|
|
||||||
#endif /* CONFIG_NETFILTER */
|
|
||||||
|
|
||||||
#ifdef CONFIG_NETWORK_SECMARK
|
#ifdef CONFIG_NETWORK_SECMARK
|
||||||
static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from)
|
static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from)
|
||||||
{
|
{
|
||||||
|
|
|
@ -325,15 +325,13 @@ void __kfree_skb(struct sk_buff *skb)
|
||||||
WARN_ON(in_irq());
|
WARN_ON(in_irq());
|
||||||
skb->destructor(skb);
|
skb->destructor(skb);
|
||||||
}
|
}
|
||||||
#ifdef CONFIG_NETFILTER
|
|
||||||
nf_conntrack_put(skb->nfct);
|
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
|
nf_conntrack_put(skb->nfct);
|
||||||
nf_conntrack_put_reasm(skb->nfct_reasm);
|
nf_conntrack_put_reasm(skb->nfct_reasm);
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_BRIDGE_NETFILTER
|
#ifdef CONFIG_BRIDGE_NETFILTER
|
||||||
nf_bridge_put(skb->nf_bridge);
|
nf_bridge_put(skb->nf_bridge);
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
/* XXX: IS this still necessary? - JHS */
|
/* XXX: IS this still necessary? - JHS */
|
||||||
#ifdef CONFIG_NET_SCHED
|
#ifdef CONFIG_NET_SCHED
|
||||||
skb->tc_index = 0;
|
skb->tc_index = 0;
|
||||||
|
|
|
@ -240,6 +240,7 @@ void nf_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(nf_proto_csum_replace4);
|
EXPORT_SYMBOL(nf_proto_csum_replace4);
|
||||||
|
|
||||||
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
/* This does not belong here, but locally generated errors need it if connection
|
/* This does not belong here, but locally generated errors need it if connection
|
||||||
tracking in use: without this, connection may not be in hash table, and hence
|
tracking in use: without this, connection may not be in hash table, and hence
|
||||||
manufactured ICMP or RST packets will not be associated with it. */
|
manufactured ICMP or RST packets will not be associated with it. */
|
||||||
|
@ -259,6 +260,7 @@ void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(nf_ct_attach);
|
EXPORT_SYMBOL(nf_ct_attach);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
struct proc_dir_entry *proc_net_netfilter;
|
struct proc_dir_entry *proc_net_netfilter;
|
||||||
|
|
Loading…
Reference in New Issue