netfilter: conntrack: fix IPV6=n builds (81e01647) · Commits · 戴 / test

Stephen Rothwell reports: After merging the netfilter-next tree, today's linux-next build (powerpc ppc64_defconfig) failed like this: ERROR: "nf_conntrack_invert_icmpv6_tuple" [nf_conntrack.ko] undefined! ERROR: "nf_conntrack_icmpv6_packet" [nf_conntrack.ko] undefined! ERROR: "nf_conntrack_icmpv6_init_net" [nf_conntrack.ko] undefined! ERROR: "icmpv6_pkt_to_tuple" [nf_conntrack.ko] undefined! ERROR: "nf_ct_gre_keymap_destroy" [nf_conntrack.ko] undefined! icmpv6 related errors are due to lack of IS_ENABLED(CONFIG_IPV6) (no icmpv6 support is builtin if kernel has CONFIG_IPV6=n), the nf_ct_gre_keymap_destroy error is due to lack of PROTO_GRE check. Fixes: ("netfilter: conntrack: handle builtin l4proto packet functions via direct calls") Fixes: ("netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls") Fixes: ("netfilter: conntrack: remove invert_tuple callback") Fixes: ("netfilter: conntrack: remove l4proto init and get_net callbacks") Fixes: ("netfilter: conntrack: remove l4proto destroy hook") Reported-by:

Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:

Florian Westphal <fw@strlen.de> Signed-off-by:

Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_conntrack_core.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -274,8 +274,10 @@ nf_ct_get_tuple(const struct sk_buff *skb,
		tuple->dst.dir = IP_CT_DIR_ORIGINAL;

		switch (protonum) {
		#if IS_ENABLED(CONFIG_IPV6)
		case IPPROTO_ICMPV6:
		return icmpv6_pkt_to_tuple(skb, dataoff, net, tuple);
		#endif
		case IPPROTO_ICMP:
		return icmp_pkt_to_tuple(skb, dataoff, net, tuple);
		#ifdef CONFIG_NF_CT_PROTO_GRE
		@@ -412,8 +414,10 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
		switch (orig->dst.protonum) {
		case IPPROTO_ICMP:
		return nf_conntrack_invert_icmp_tuple(inverse, orig);
		#if IS_ENABLED(CONFIG_IPV6)
		case IPPROTO_ICMPV6:
		return nf_conntrack_invert_icmpv6_tuple(inverse, orig);
		#endif
		}

		inverse->src.u.all = orig->dst.u.all;
		@@ -526,10 +530,12 @@ EXPORT_SYMBOL_GPL(nf_ct_tmpl_free);

		static void destroy_gre_conntrack(struct nf_conn *ct)
		{
		#ifdef CONFIG_NF_CT_PROTO_GRE
		struct nf_conn *master = ct->master;

		if (master)
		nf_ct_gre_keymap_destroy(master);
		#endif
		}

		static void
		@@ -1553,8 +1559,10 @@ static int nf_conntrack_handle_packet(struct nf_conn *ct,
		ctinfo, state);
		case IPPROTO_ICMP:
		return nf_conntrack_icmp_packet(ct, skb, ctinfo, state);
		#if IS_ENABLED(CONFIG_IPV6)
		case IPPROTO_ICMPV6:
		return nf_conntrack_icmpv6_packet(ct, skb, ctinfo, state);
		#endif
		#ifdef CONFIG_NF_CT_PROTO_UDPLITE
		case IPPROTO_UDPLITE:
		return nf_conntrack_udplite_packet(ct, skb, dataoff,

net/netfilter/nf_conntrack_proto.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -597,7 +597,9 @@ void nf_conntrack_proto_pernet_init(struct net *net)
		nf_conntrack_udp_init_net(net);
		nf_conntrack_tcp_init_net(net);
		nf_conntrack_icmp_init_net(net);
		#if IS_ENABLED(CONFIG_IPV6)
		nf_conntrack_icmpv6_init_net(net);
		#endif
		#ifdef CONFIG_NF_CT_PROTO_DCCP
		nf_conntrack_dccp_init_net(net);
		#endif

Admin message