Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S966493AbeAOPuE (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Mon, 15 Jan 2018 10:50:04 -0500
Received: from mout.kundenserver.de ([212.227.17.10]:54898 "EHLO
        mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934920AbeAOPt6 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Jan 2018 10:49:58 -0500
From: Arnd Bergmann <arnd@arndb.de>
To: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>,
        Pablo Neira Ayuso <pablo@netfilter.org>,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        Florian Westphal <fw@strlen.de>,
        "David S. Miller" <davem@davemloft.net>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Arnd Bergmann <arnd@arndb.de>, netfilter-devel@vger.kernel.org,
        coreteam@netfilter.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: [PATCH net-next 2/2] netfilter: nf_defrag: move NF_CONNTRACK bits into #ifdef
Date: Mon, 15 Jan 2018 16:49:06 +0100
Message-Id: <20180115154918.4176669-2-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0
In-Reply-To: <20180115154918.4176669-1-arnd@arndb.de>
References: <20180115154918.4176669-1-arnd@arndb.de>
X-Provags-ID: V03:K0:QAXX7GnLdrScys7zsROL816K4N+D7ePLK24bZjBorIwPBGI3YN9
 wnmIVpFvQOgdhY9LNpH6QrlQIHiCu9lG62po1IVZNPx8UVosk1JgxM+EANizARW/O7d2TYS
 8n8QaXZCNu4IW72SNbwg7W7FbQZeS+nDQSUlVMXJMQ0GymCRGX62vq7ogDiPGXmJMb10Ub3
 ZC+PPLFHdCOvXsxkh7+8g==
X-UI-Out-Filterresults: notjunk:1;V01:K0:uH0vtpYUeME=:k/iEJcn7ZaNXSYkJNFQwzC
 LfoZmNxs7ne+jRsDuSrvBGePQq8NGGE7Jnl8ThSGZolq4tJSwFkVipw27BYJApv92jH5zpGh+
 sQvh+dxaqCauyhR6e6oMpWwtPr3xuSHId+jFWGd02a+7ZEMeXHhE2XoLP6dNB/59k0//KwNHj
 lf0rhTOIuRCGtU4ZudqxQBP3zx+TdLGxVx+Gw3NefsUAq+VSbaj2Bo8PrtMPYG1WYW6SebGwc
 OfOzx7hbK65I9kKsvP9OYgviyF9hiBZYv4w2a3Y+KrXT7rsqPWWw5IGq8CllG1YoED7mhgERZ
 nDnxlC8YCc+JI1JJyKw6nk0RikC+dX1iZAwXPqgOvCIBiYVjFkTxqQFQpQ8MwTOIyugW/vIS6
 bQNEnwUsjWSvILFVkDBKjiWmCkXvlsWcd6a/W0uAQXsOpmb9d/FT2WsTc4TLY6KQvnRjXWD4x
 JODY89Z+FUHb9ilSyQHbInDO1f19piWTch+aQL3WAFliFYPxdI1H/j937sJWS5t1wh1xDwbDr
 h0ifoCCCC3mXyNrShHt6Tks95oweHCDGnLLSb8OC/gUPBcfw58MO1MEZdHUi7sJuiJIUi/81f
 L/L6OxbiT23L0fWmF5P/OeRrDjDndpKIy2POZVoixKVF6WcfJhfzRAoVjfHzM8xqNbioHRNGX
 9lmbmhj9TcMDLs5du0nz5TD2nFsIFx7ZIPVqmydTHwzy3eNLcvdf3jvg4rTAs56MVB2xHtOjJ
 0f1h9Sv4S4gP0TWe1pB1/87S+kWRkFl7aQioDg==
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

We cannot access the skb->_nfct field when CONFIG_NF_CONNTRACK is
disabled:

net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag':
net/ipv4/netfilter/nf_defrag_ipv4.c:83:9: error: 'struct sk_buff' has no member named '_nfct'
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag':
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct'

Both functions already have an #ifdef for this, so let's move the
check in there.

Fixes: 902d6a4c2a4f ("netfilter: nf_defrag: Skip defrag if NOTRACK is set")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
Please double-check what the right behavior for !CONFIG_NF_CONNTRACK
should be, I was only guessing here.
---
 net/ipv4/netfilter/nf_defrag_ipv4.c       | 4 +++-
 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index cbd987f6b1f8..a0d3ad60a411 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -78,9 +78,11 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
 	if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
 		return NF_ACCEPT;
 #endif
+	if (skb->_nfct == IP_CT_UNTRACKED)
+		return NF_ACCEPT;
 #endif
 	/* Gather fragments. */
-	if (skb->_nfct != IP_CT_UNTRACKED && ip_is_fragment(ip_hdr(skb))) {
+	if (ip_is_fragment(ip_hdr(skb))) {
 		enum ip_defrag_users user =
 			nf_ct_defrag_user(state->hook, skb);
 
diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
index 87b503a8f5ef..c87b48359e8f 100644
--- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -63,10 +63,10 @@ static unsigned int ipv6_defrag(void *priv,
 	/* Previously seen (loopback)?	*/
 	if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
 		return NF_ACCEPT;
-#endif
 
 	if (skb->_nfct == IP_CT_UNTRACKED)
 		return NF_ACCEPT;
+#endif
 
 	err = nf_ct_frag6_gather(state->net, skb,
 				 nf_ct6_defrag_user(state->hook, skb));
-- 
2.9.0