Randy Dunlap wrote:
> On 02/18/10 01:49, Stephen Rothwell wrote:
>> Hi all,
>>
>> Changes since 20100217:
>>
>> The net tree lost its build failure but gained a conflict against the kvm
>> tree.
>
>
> include/net/netfilter/nf_conntrack.h:94: error: field 'ct_general' has incomplete type
> include/net/netfilter/nf_conntrack.h:178: error: 'const struct sk_buff' has no member named 'nfct'
> include/net/netfilter/nf_conntrack.h:185: error: implicit declaration of function 'nf_conntrack_put'
> include/net/netfilter/nf_conntrack.h:294: error: 'const struct sk_buff' has no member named 'nfct'
> net/ipv4/netfilter/nf_defrag_ipv4.c:45: error: 'struct sk_buff' has no member named 'nfct'
> net/ipv4/netfilter/nf_defrag_ipv4.c:46: error: 'struct sk_buff' has no member named 'nfct'
>
> CONFIG_NF_CONNTRACK is not enabled
> but CONFIG_NF_DEFRAG_IPV4=y. It is "select"ed by
> NETFILTER_XT_MATCH_SOCKET and NETFILTER_XT_TARGET_TPROXY,
> both of which are enabled.
>
> Hm, NETFILTER_XT_MATCH_SOCKET depends on !NF_CONNTRACK || NF_CONNTRACK.
> Maybe NETFILTER_XT_TARGET_TPROXY needs to do that also. No, that would
> go against that config option's help text:
No, the problem is use of skb->nfct without CONFIG_NF_CONNTRACK.
This patch should fix it.
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index d498a70..b822ade 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -42,8 +42,10 @@ static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
{
u16 zone = NF_CT_DEFAULT_ZONE;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
if (skb->nfct)
zone = nf_ct_zone((struct nf_conn *)skb->nfct);
+#endif
#ifdef CONFIG_BRIDGE_NETFILTER
if (skb->nf_bridge &&
