diff mbox

[nf-next] netfilter: nf_queue: get rid of dependency on IP6_NF_IPTABLES

Message ID 1473602728-33502-1-git-send-email-zlpnobody@163.com
State Accepted
Delegated to: Pablo Neira
Headers show

Commit Message

Liping Zhang Sept. 11, 2016, 2:05 p.m. UTC 
From: Liping Zhang <liping.zhang@spreadtrum.com>

hash_v6 is used by both nftables and ip6tables, so depend on
IP6_NF_IPTABLES is not properly.

Actually, it only parses ipv6hdr and computes a hash value, so
even if IPV6 is disabled, there's no side effect too, remove it.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
 include/net/netfilter/nf_queue.h | 4 ----
 1 file changed, 4 deletions(-)

Comments

Pablo Neira Ayuso Sept. 12, 2016, 5:50 p.m. UTC | #1 
On Sun, Sep 11, 2016 at 10:05:27PM +0800, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@spreadtrum.com>
> 
> hash_v6 is used by both nftables and ip6tables, so depend on
> IP6_NF_IPTABLES is not properly.
> 
> Actually, it only parses ipv6hdr and computes a hash value, so
> even if IPV6 is disabled, there's no side effect too, remove it.

Applied, thanks.

We have nft_queue support for bridge now, but nfqueue_hash() takes a
pkt->pf parameter expecting NFPROTO_IPV4 or NFPROTO_IPV6.

So nft_queue hashing with bridge is currently broken.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Liping Zhang Sept. 13, 2016, 5:45 a.m. UTC | #2 
2016-09-13 1:50 GMT+08:00 Pablo Neira Ayuso <pablo@netfilter.org>:
> We have nft_queue support for bridge now, but nfqueue_hash() takes a
> pkt->pf parameter expecting NFPROTO_IPV4 or NFPROTO_IPV6.
>
> So nft_queue hashing with bridge is currently broken.

Yes, I will send another patch to do this :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Sept. 13, 2016, 9:10 a.m. UTC | #3 
On Tue, Sep 13, 2016 at 01:45:38PM +0800, Liping Zhang wrote:
> 2016-09-13 1:50 GMT+08:00 Pablo Neira Ayuso <pablo@netfilter.org>:
> > We have nft_queue support for bridge now, but nfqueue_hash() takes a
> > pkt->pf parameter expecting NFPROTO_IPV4 or NFPROTO_IPV6.
> >
> > So nft_queue hashing with bridge is currently broken.
> 
> Yes, I will send another patch to do this :)

Sure, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
index 0dbce55..cc8a11f 100644
--- a/include/net/netfilter/nf_queue.h
+++ b/include/net/netfilter/nf_queue.h
@@ -54,7 +54,6 @@  static inline u32 hash_v4(const struct sk_buff *skb, u32 jhash_initval)
 			(__force u32)iph->saddr, iph->protocol, jhash_initval);
 }
 
-#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 static inline u32 hash_v6(const struct sk_buff *skb, u32 jhash_initval)
 {
 	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
@@ -77,7 +76,6 @@  static inline u32 hash_v6(const struct sk_buff *skb, u32 jhash_initval)
 
 	return jhash_3words(a, b, c, jhash_initval);
 }
-#endif
 
 static inline u32
 nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family,
@@ -85,10 +83,8 @@  nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family,
 {
 	if (family == NFPROTO_IPV4)
 		queue += ((u64) hash_v4(skb, jhash_initval) * queues_total) >> 32;
-#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 	else if (family == NFPROTO_IPV6)
 		queue += ((u64) hash_v6(skb, jhash_initval) * queues_total) >> 32;
-#endif
 
 	return queue;
 }