[Devel] [PATCH RHEL7 COMMIT] netfilter: core: Fix compilation with NFT disabled

Fri, 10 Mar 2023 06:08:42 -0800 

The commit is pushed to "branch-rh7-3.10.0-1160.88.1.vz7.195.x-ovz" and will 
appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.88.1.el7
------>
commit 4e0a0fd01d32cc6baeb19175962da8f5617d10b5
Author: Konstantin Khorenko <khore...@virtuozzo.com>
Date:   Fri Mar 10 17:04:44 2023 +0300

    netfilter: core: Fix compilation with NFT disabled
    
    (struct net)->nft is available only in case
      defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
    
    So need to put nf_tables_allow_nat_conflict() under same ifdef.
    
    Fixes: 1818f06a5eaa ("netfilter: core: fix NAT hooks collision check")
    
    Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com>
---
 net/netfilter/core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 6628d73ec5b8..fc27a0e20d4f 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -91,6 +91,7 @@ static DEFINE_MUTEX(nf_hook_mutex);
  * 
https://github.com/torvalds/linux/commit/ae6153b50f9bf75a4952050f32fe168f68cdd657
  * ("netfilter: nf_tables: permit second nat hook if colliding hook is going 
away")
  */
+#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
 static bool nf_tables_allow_nat_conflict(const struct net *net,
                                         const struct nft_base_chain *basechain)
 {
@@ -126,6 +127,7 @@ static bool nf_tables_allow_nat_conflict(const struct net 
*net,
 
        return ret;
 }
+#endif
 
 int nf_register_hook(struct nf_hook_ops *reg)
 {
@@ -135,6 +137,7 @@ int nf_register_hook(struct nf_hook_ops *reg)
        list_for_each_entry(elem, &nf_hooks[reg->pf][reg->hooknum], list) {
                if (reg->priority < elem->priority)
                        break;
+#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
                else if ((reg->priority == elem->priority) && reg->is_nft_ops) {
                        const struct nft_chain *c;
                        struct nft_base_chain *basechain;
@@ -163,6 +166,7 @@ int nf_register_hook(struct nf_hook_ops *reg)
                                return -EBUSY;
                        }
                }
+#endif
        }
        list_add_rcu(&reg->list, elem->list.prev);
        mutex_unlock(&nf_hook_mutex);
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to