Add some #ifdefs to unconditionally return false in
ip_set_get_ip6_port() when CONFIG_IPV6=n and convert
to ipv6_skip_exthdr() to avoid pulling in the ip6_tables
module when loading ipset.
A slightly more code-saving alternative would be to add
a dummy inline function or ifdef the callsites. Please
let me know which way you prefer.
diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c
index 4dd2785..5ea0736 100644
--- a/net/netfilter/ipset/ip_set_getport.c
+++ b/net/netfilter/ipset/ip_set_getport.c
@@ -13,6 +13,7 @@
#include <linux/icmpv6.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ip.h>
+#include <net/ipv6.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
@@ -97,15 +98,19 @@ bool
ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
__be16 *port, u8 *proto)
{
- unsigned int protooff = 0;
- int protocol;
- unsigned short fragoff;
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+ int protoff;
+ u8 nexthdr;
- protocol = ipv6_find_hdr(skb, &protooff, -1, &fragoff);
- if (protocol <= 0 || fragoff)
+ nexthdr = ipv6_hdr(skb)->nexthdr;
+ protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
+ if (protoff < 0)
return false;
- return get_port(skb, protocol, protooff, src, port, proto);
+ return get_port(skb, nexthdr, protoff, src, port, proto);
+#else
+ return false;
+#endif
}
EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
