From: Joe Conley <joe.conley@xxxxxxxxxxxxx>
Two missing ifdef checks for CONFIG_NF_CONNTRACK_MARK were causing
EOPNOTSUPP to be returned. Every single place that cda[CTA_MARK] or cda[CTA_MARK_MASK]
was checked was inside a #ifdef for CONFIG_NF_CONNTRACK_MARK except for these
two places. The reason for this change stems from this commit:
866476f323465a8afef10b14b48d5136bf5c51fe (netfilter: conntrack: Flush connections with a given mark)
This allows conntrack -L to be ran succesfully when CONFIG_NF_CONNTRACK_MARK
is not enabled.
Signed-off-by: Joe Conley <joe.conley@xxxxxxxxxxxxx>
---
net/netfilter/nf_conntrack_netlink.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 2754045..94146bd 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1107,13 +1107,13 @@ static int ctnetlink_flush_conntrack(struct net *net,
u32 portid, int report)
{
struct ctnetlink_filter *filter = NULL;
-
+#ifdef CONFIG_NF_CONNTRACK_MARK
if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
filter = ctnetlink_alloc_filter(cda);
if (IS_ERR(filter))
return PTR_ERR(filter);
}
-
+#endif
nf_ct_iterate_cleanup(net, ctnetlink_filter_match, filter,
portid, report);
kfree(filter);
@@ -1192,7 +1192,7 @@ static int ctnetlink_get_conntrack(struct net *net, struct sock *ctnl,
.dump = ctnetlink_dump_table,
.done = ctnetlink_done,
};
-
+#ifdef CONFIG_NF_CONNTRACK_MARK
if (cda[CTA_MARK] && cda[CTA_MARK_MASK]) {
struct ctnetlink_filter *filter;
@@ -1202,6 +1202,7 @@ static int ctnetlink_get_conntrack(struct net *net, struct sock *ctnl,
c.data = filter;
}
+#endif
return netlink_dump_start(ctnl, skb, nlh, &c);
}
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
