From: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx> While looking at the kasan warning, I noticed there're 2 more warnings when CONFIG_NF_DEFRAG_IPV6 and CONFIG_NF_DEFRAG_IPV4 are not defined. 1. net/bridge//br_netfilter_hooks.c: In function ‘br_nf_dev_queue_xmit’: net/bridge//br_netfilter_hooks.c:730:25: warning: variable ‘nf_bridge’ set but not used [-Wunused-but-set-variable] - Introduced by commit efb6de9b4ba0 ("netfilter: bridge: forward IPv6 fragmented packets") 2. net/bridge//br_netfilter_hooks.c: In function ‘br_nf_dev_queue_xmit’: net/bridge//br_netfilter_hooks.c:797:2: warning: label ‘drop’ defined but not used [-Wunused-label] - Introduced by commit dd302b59bde0 ("netfilter: bridge: don't leak skb in error paths") Simply pull the code inside the respective ifdefs. Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx> --- Compile-tested only. Patch applies to DaveM's net-next and also to git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git net/bridge/br_netfilter_hooks.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 13f03671c88d..adf50432b189 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c @@ -727,7 +727,6 @@ static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) { - struct nf_bridge_info *nf_bridge; unsigned int mtu_reserved; mtu_reserved = nf_bridge_mtu_reduction(skb); @@ -737,18 +736,20 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff return br_dev_queue_push_xmit(net, sk, skb); } - nf_bridge = nf_bridge_info_get(skb); - #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) /* This is wrong! We should preserve the original fragment * boundaries by preserving frag_list rather than refragmenting. */ if (skb->protocol == htons(ETH_P_IP)) { + struct nf_bridge_info *nf_bridge; struct brnf_frag_data *data; - if (br_validate_ipv4(net, skb)) - goto drop; + if (br_validate_ipv4(net, skb)) { + kfree_skb(skb); + return 0; + } + nf_bridge = nf_bridge_info_get(skb); IPCB(skb)->frag_max_size = nf_bridge->frag_max_size; nf_bridge_update_protocol(skb); @@ -769,11 +770,15 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) if (skb->protocol == htons(ETH_P_IPV6)) { const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); + struct nf_bridge_info *nf_bridge; struct brnf_frag_data *data; - if (br_validate_ipv6(net, skb)) - goto drop; + if (br_validate_ipv6(net, skb)) { + kfree_skb(skb); + return 0; + } + nf_bridge = nf_bridge_info_get(skb); IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size; nf_bridge_update_protocol(skb); @@ -794,9 +799,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff #endif nf_bridge_info_free(skb); return br_dev_queue_push_xmit(net, sk, skb); - drop: - kfree_skb(skb); - return 0; } /* PF_BRIDGE/POST_ROUTING ********************************************/ -- 2.4.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html