Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe0b9294c9f951a64c768f8a5879154235efe63f
Commit:     fe0b9294c9f951a64c768f8a5879154235efe63f
Parent:     083e69e99e1c728d360c6346456daa4d4c19e25c
Author:     Yasuyuki Kozakai <[EMAIL PROTECTED]>
AuthorDate: Tue Dec 12 00:28:40 2006 -0800
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Wed Dec 13 16:48:20 2006 -0800

    [NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
    
    To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
    functions. As a result we can remove '#ifdef' surrounds and direct call of
    need_conntrack().
    
    Signed-off-by: Yasuyuki Kozakai <[EMAIL PROTECTED]>
    Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
---
 include/net/netfilter/nf_conntrack_compat.h |   10 ++++++++++
 net/netfilter/xt_connmark.c                 |    7 +------
 net/netfilter/xt_conntrack.c                |    8 ++------
 net/netfilter/xt_helper.c                   |    8 ++------
 net/netfilter/xt_state.c                    |    7 +------
 5 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_compat.h 
b/include/net/netfilter/nf_conntrack_compat.h
index f1b1482..b9ce5c8 100644
--- a/include/net/netfilter/nf_conntrack_compat.h
+++ b/include/net/netfilter/nf_conntrack_compat.h
@@ -64,6 +64,16 @@ static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
        return (ct != NULL);
 }
 
+static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
+{
+       need_conntrack();
+       return l3proto == PF_INET ? 0 : -1;
+}
+
+static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
+{
+}
+
 #else /* CONFIG_IP_NF_CONNTRACK */
 
 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index a8f0305..36c2def 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -63,22 +63,18 @@ checkentry(const char *tablename,
                printk(KERN_WARNING "connmark: only support 32bit mark\n");
                return 0;
        }
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 #ifdef CONFIG_COMPAT
@@ -140,7 +136,6 @@ static struct xt_match xt_connmark_match[] = {
 
 static int __init xt_connmark_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_connmark_match,
                                   ARRAY_SIZE(xt_connmark_match));
 }
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0ea501a..3dc2357 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -20,6 +20,7 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_conntrack.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <[EMAIL PROTECTED]>");
@@ -228,21 +229,17 @@ checkentry(const char *tablename,
           void *matchinfo,
           unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match conntrack_match = {
@@ -257,7 +254,6 @@ static struct xt_match conntrack_match = {
 
 static int __init xt_conntrack_init(void)
 {
-       need_conntrack();
        return xt_register_match(&conntrack_match);
 }
 
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c
index 5d7818b..04bc32b 100644
--- a/net/netfilter/xt_helper.c
+++ b/net/netfilter/xt_helper.c
@@ -24,6 +24,7 @@
 #endif
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_helper.h>
+#include <net/netfilter/nf_conntrack_compat.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Martin Josefsson <[EMAIL PROTECTED]>");
@@ -143,13 +144,11 @@ static int check(const char *tablename,
 {
        struct xt_helper_info *info = matchinfo;
 
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        info->name[29] = '\0';
        return 1;
 }
@@ -157,9 +156,7 @@ static int check(const char *tablename,
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_helper_match[] = {
@@ -185,7 +182,6 @@ static struct xt_match xt_helper_match[] = {
 
 static int __init xt_helper_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_helper_match,
                                   ARRAY_SIZE(xt_helper_match));
 }
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c
index d9010b1..df37b91 100644
--- a/net/netfilter/xt_state.c
+++ b/net/netfilter/xt_state.c
@@ -50,22 +50,18 @@ static int check(const char *tablename,
                 void *matchinfo,
                 unsigned int hook_mask)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        if (nf_ct_l3proto_try_module_get(match->family) < 0) {
-               printk(KERN_WARNING "can't load nf_conntrack support for "
+               printk(KERN_WARNING "can't load conntrack support for "
                                    "proto=%d\n", match->family);
                return 0;
        }
-#endif
        return 1;
 }
 
 static void
 destroy(const struct xt_match *match, void *matchinfo)
 {
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        nf_ct_l3proto_module_put(match->family);
-#endif
 }
 
 static struct xt_match xt_state_match[] = {
@@ -91,7 +87,6 @@ static struct xt_match xt_state_match[] = {
 
 static int __init xt_state_init(void)
 {
-       need_conntrack();
        return xt_register_matches(xt_state_match, ARRAY_SIZE(xt_state_match));
 }
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to