netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef
We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is disabled: net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag': net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct' net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag': net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct' Both functions already have an #ifdef for this, so let's move the check in there. Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
b069b37adb
commit
41e4b39115
@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
|
||||
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
if (skb->_nfct == IP_CT_UNTRACKED)
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
/* Gather fragments. */
|
||||
if (skb->_nfct != IP_CT_UNTRACKED && ip_is_fragment(ip_hdr(skb))) {
|
||||
if (ip_is_fragment(ip_hdr(skb))) {
|
||||
enum ip_defrag_users user =
|
||||
nf_ct_defrag_user(state->hook, skb);
|
||||
|
||||
|
@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv,
|
||||
/* Previously seen (loopback)? */
|
||||
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
|
||||
if (skb->_nfct == IP_CT_UNTRACKED)
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
|
||||
err = nf_ct_frag6_gather(state->net, skb,
|
||||
nf_ct6_defrag_user(state->hook, skb));
|
||||
|
Loading…
x
Reference in New Issue
Block a user