| Message ID | 1389314142-17969-9-git-send-email-pablo@netfilter.org |
|---|---|
| State | Awaiting Upstream |
| Headers | show |
On Fri, Jan 10, 2014 at 11:40:38PM +0300, Sergei Shtylyov wrote: > On 01/10/2014 03:35 AM, Pablo Neira Ayuso wrote: > > >From: Patrick McHardy <kaber@trash.net> > > >The ct expression can currently not be used in the inet family since > >we don't have a conntrack module for NFPROTO_INET, so > >nf_ct_l3proto_try_module_get() fails. Add some manual handling to > >load the modules for both NFPROTO_IPV4 and NFPROTO_IPV6 if the > >ct expression is used in the inet family. > > >Signed-off-by: Patrick McHardy <kaber@trash.net> > >Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > >--- > > net/netfilter/nft_ct.c | 39 ++++++++++++++++++++++++++++++++++++--- > > 1 file changed, 36 insertions(+), 3 deletions(-) > > >diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c > >index 955f4e6..3727a32 100644 > >--- a/net/netfilter/nft_ct.c > >+++ b/net/netfilter/nft_ct.c > [...] > >+static void nft_ct_l3proto_module_put(uint8_t family) > >+{ > >+ if (family == NFPROTO_INET) { > >+ nf_ct_l3proto_module_put(NFPROTO_IPV4); > >+ nf_ct_l3proto_module_put(NFPROTO_IPV6); > >+ } else > >+ nf_ct_l3proto_module_put(family); > > According to Documentation/CodingStyle, there should be {} in the > *else* arm, as the other arm of *if* statement has it. I can see you're looking out for the important stuff. I consistently used this style in nftables so I'm not going to change it here. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Patrick McHardy <kaber@trash.net> Date: Fri, 10 Jan 2014 19:42:36 +0000 > I can see you're looking out for the important stuff. I consistently > used this style in nftables so I'm not going to change it here. Patrick, please follow the coding style conventions of the kernel, these issues are important for long term sanity of the kernel tree. It helps people who are looking at the netfilter code who perhaps do not do so usually. Do you really want to use a different style and therefore make your code harder to read for them? Really? Your code being consistent with your code only is less important than all of the networking looking the same. Thank you. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jan 10, 2014 at 02:48:13PM -0500, David Miller wrote: > From: Patrick McHardy <kaber@trash.net> > Date: Fri, 10 Jan 2014 19:42:36 +0000 > > > I can see you're looking out for the important stuff. I consistently > > used this style in nftables so I'm not going to change it here. > > Patrick, please follow the coding style conventions of the kernel, > these issues are important for long term sanity of the kernel tree. > > It helps people who are looking at the netfilter code who perhaps > do not do so usually. Do you really want to use a different style > and therefore make your code harder to read for them? Really? > > Your code being consistent with your code only is less important than > all of the networking looking the same. > > Thank you. I agree to this, in fact style divergences really bother me since they divert my attention :) I considered consistency more important for minor stuff like this, but I really don't mind to add extra braces. But I guess we both agree that its not worth sending patches just to change this but just fix this up next time that line is touched. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 01/10/2014 03:35 AM, Pablo Neira Ayuso wrote: > From: Patrick McHardy <kaber@trash.net> > The ct expression can currently not be used in the inet family since > we don't have a conntrack module for NFPROTO_INET, so > nf_ct_l3proto_try_module_get() fails. Add some manual handling to > load the modules for both NFPROTO_IPV4 and NFPROTO_IPV6 if the > ct expression is used in the inet family. > Signed-off-by: Patrick McHardy <kaber@trash.net> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > --- > net/netfilter/nft_ct.c | 39 ++++++++++++++++++++++++++++++++++++--- > 1 file changed, 36 insertions(+), 3 deletions(-) > diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c > index 955f4e6..3727a32 100644 > --- a/net/netfilter/nft_ct.c > +++ b/net/netfilter/nft_ct.c [...] > +static void nft_ct_l3proto_module_put(uint8_t family) > +{ > + if (family == NFPROTO_INET) { > + nf_ct_l3proto_module_put(NFPROTO_IPV4); > + nf_ct_l3proto_module_put(NFPROTO_IPV6); > + } else > + nf_ct_l3proto_module_put(family); According to Documentation/CodingStyle, there should be {} in the *else* arm, as the other arm of *if* statement has it. > +} > + WBR, Sergei -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 955f4e6..3727a32 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -129,6 +129,39 @@ static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = { [NFTA_CT_DIRECTION] = { .type = NLA_U8 }, }; +static int nft_ct_l3proto_try_module_get(uint8_t family) +{ + int err; + + if (family == NFPROTO_INET) { + err = nf_ct_l3proto_try_module_get(NFPROTO_IPV4); + if (err < 0) + goto err1; + err = nf_ct_l3proto_try_module_get(NFPROTO_IPV6); + if (err < 0) + goto err2; + } else { + err = nf_ct_l3proto_try_module_get(family); + if (err < 0) + goto err1; + } + return 0; + +err2: + nf_ct_l3proto_module_put(NFPROTO_IPV4); +err1: + return err; +} + +static void nft_ct_l3proto_module_put(uint8_t family) +{ + if (family == NFPROTO_INET) { + nf_ct_l3proto_module_put(NFPROTO_IPV4); + nf_ct_l3proto_module_put(NFPROTO_IPV6); + } else + nf_ct_l3proto_module_put(family); +} + static int nft_ct_init(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nlattr * const tb[]) @@ -179,7 +212,7 @@ static int nft_ct_init(const struct nft_ctx *ctx, return -EOPNOTSUPP; } - err = nf_ct_l3proto_try_module_get(ctx->afi->family); + err = nft_ct_l3proto_try_module_get(ctx->afi->family); if (err < 0) return err; priv->family = ctx->afi->family; @@ -195,7 +228,7 @@ static int nft_ct_init(const struct nft_ctx *ctx, return 0; err1: - nf_ct_l3proto_module_put(ctx->afi->family); + nft_ct_l3proto_module_put(ctx->afi->family); return err; } @@ -203,7 +236,7 @@ static void nft_ct_destroy(const struct nft_expr *expr) { struct nft_ct *priv = nft_expr_priv(expr); - nf_ct_l3proto_module_put(priv->family); + nft_ct_l3proto_module_put(priv->family); } static int nft_ct_dump(struct sk_buff *skb, const struct nft_expr *expr)