From patchwork Mon Jul 9 21:35:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 941696 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=arndb.de Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41Pdtr0vkCz9s0W for ; Tue, 10 Jul 2018 07:36:20 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933418AbeGIVgC (ORCPT ); Mon, 9 Jul 2018 17:36:02 -0400 Received: from mout.kundenserver.de ([217.72.192.73]:48841 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933060AbeGIVgB (ORCPT ); Mon, 9 Jul 2018 17:36:01 -0400 Received: from wuerfel.lan ([46.223.138.35]) by mrelayeu.kundenserver.de (mreue104 [212.227.15.145]) with ESMTPA (Nemesis) id 0LgGqC-1gQ0vR1ZsS-00nlbT; Mon, 09 Jul 2018 23:35:41 +0200 From: Arnd Bergmann To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: Arnd Bergmann , "David S. Miller" , =?utf-8?b?TcOhdMOpIEVja2w=?= , Flavio Leitner , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] netfilter: NFT_SOCKET don't use NF_SOCKET_IPV6 without NF_TABLES_IPV6 Date: Mon, 9 Jul 2018 23:35:09 +0200 Message-Id: <20180709213537.2748896-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K1:EQnLo/RcaPkyTdZHLouXT0pY33lEG1+rT6qlW/G50yhH0N3q2YT p0I54FxVSBmJMuk8RFeree0wCKeIk3yTNkGYeS+2fFwc5E9fDe43jdAj78aZ1Rtir25+kVO PgjUP8v0ZQg8G8gE1NADQHr/3i4oaxWJtHWwe361aX3QUALn+dzgIrRhWHH3Bnf+ixmBVjK wnFOqoTyA8hDnvKOkQapw== X-UI-Out-Filterresults: notjunk:1; V01:K0:lBtSqEWjSnw=:M//ey0M6FvrjCLrsCkclLO OU3fuiJFkfYwivpmecVmqtHTMQwdch8FvNRCV1r7t4cRJbnPoWVmJX5B5PTpCxLjfyQhdui8Z SH3JkfmZh6D9N4YwOIK5JEQH0TXOO36iYkrb6WVj7DTPXFOSJJGrtgtuVq1XnBIgfAhC5QtLk MTJdh48CdGxEpItIL/FXy4KolHlAVAgJ5B1m9YpJMqNDusVkAcM/tTgV9nUItRQwGPKPafVuQ Yd60cmqklXxWQ0rPrgSqJsCw+k81i1sBXwy2hNseAvY0wy571zGmvDD7R0nihYqB7kA7Rc9yo f4rSXMkq9y3rhZBmf0Y4fTU1QwfsnnYpN2i7HfVuwkmE57FOJc6s7CsMgLi9/73xpOTlMLvL8 80zhFvoUATgA4CfptU3IC1pi8xilJknRk7F+Nkoq6eL6RiycFvciK//KYKlLc4I/bwh4Soyi0 uc1UrComr6w09WogtRW9il7Rc2c5kYMi5ls+uO00WDlHEMF1fG4E3eS8mNUEKALLolyZYYVCD Ecuhnwzj7chgs16GA4Yfptsgp/L+M39M4BL81/Y1PPGv987NQ2zbfp2FvA+snEvGi3nF3BDkc vXuStWhf4TzwV9WXAAGsoP7J2xwzx0hSGKA4s2A3gR6S4rmWDC24AoZFFjQ/JaQ8ajYqtid8p tktQ4LNasMUOjrg5IDsyjOoEORNRw+kPs6bD33L7UIWVYqx9BAdAy1yHp9/piIiTnCjc= Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org It is now possible to build the nft_socket module as built-in when NF_TABLES_IPV6 is disabled, and have NF_SOCKET_IPV6=m set manually. In this case, the NF_SOCKET_IPV6 functionality will be useless according to the explanation in commit 35bf1ccecaaa ("netfilter: Kconfig: Change IPv6 select dependencies"), but on top of that it also causes a link error: net/netfilter/nft_socket.o: In function `nft_socket_eval': nft_socket.c:(.text+0x162): undefined reference to `nf_sk_lookup_slow_v6' This changes the compile-time check so we don't attempt to use the NF_SOCKET_IPV6 code when it cannot be used, and make it all compile again. That may lead to unexpected behavior when a user enables NF_SOCKET_IPV6 but cannot use it, but seems to be the logical conclusion of the 35bf1ccecaaa change. Fixes: 35bf1ccecaaa ("netfilter: Kconfig: Change IPv6 select dependencies") Signed-off-by: Arnd Bergmann --- --- net/netfilter/nft_socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c index 998c2b546f6d..e43c1939d25f 100644 --- a/net/netfilter/nft_socket.c +++ b/net/netfilter/nft_socket.c @@ -31,7 +31,7 @@ static void nft_socket_eval(const struct nft_expr *expr, case NFPROTO_IPV4: sk = nf_sk_lookup_slow_v4(nft_net(pkt), skb, nft_in(pkt)); break; -#if IS_ENABLED(CONFIG_NF_SOCKET_IPV6) +#if IS_ENABLED(CONFIG_NF_TABLES_IPV6) case NFPROTO_IPV6: sk = nf_sk_lookup_slow_v6(nft_net(pkt), skb, nft_in(pkt)); break; @@ -77,7 +77,7 @@ static int nft_socket_init(const struct nft_ctx *ctx, switch(ctx->family) { case NFPROTO_IPV4: -#if IS_ENABLED(CONFIG_NF_SOCKET_IPV6) +#if IS_ENABLED(CONFIG_NF_TABLES_IPV6) case NFPROTO_IPV6: #endif case NFPROTO_INET: