On Mon, Jul 08, 2019 at 11:51:17AM +0300, Paul Blakey wrote:
..
> +static int tcf_ct_handle_fragments(struct net *net, struct sk_buff *skb,
> + u8 family, u16 zone)
> +{
> + enum ip_conntrack_info ctinfo;
> + struct nf_conn *ct;
> + int err = 0;
> + bool frag;
> +
> + /* Previously seen (loopback)? Ignore. */
> + ct = nf_ct_get(skb, &ctinfo);
> + if ((ct && !nf_ct_is_template(ct)) || ctinfo == IP_CT_UNTRACKED)
> + return 0;
> +
> + if (family == NFPROTO_IPV4)
> + err = tcf_ct_ipv4_is_fragment(skb, &frag);
> + else
> + err = tcf_ct_ipv6_is_fragment(skb, &frag);
> + if (err || !frag)
> + return err;
> +
> + skb_get(skb);
> +
> + if (family == NFPROTO_IPV4) {
> + enum ip_defrag_users user = IP_DEFRAG_CONNTRACK_IN + zone;
> +
> + memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
> + local_bh_disable();
> + err = ip_defrag(net, skb, user);
> + local_bh_enable();
> + if (err && err != -EINPROGRESS)
> + goto out_free;
> + } else { /* NFPROTO_IPV6 */
> + enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
> +
> + memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
> + err = nf_ct_frag6_gather(net, skb, user);
This doesn't build without IPv6 enabled.
ERROR: "nf_ct_frag6_gather" [net/sched/act_ct.ko] undefined!
We need to (copy and pasted):
@@ -179,7 +179,9 @@ static int tcf_ct_handle_fragments(struct net *net, struct
sk_buff *skb,
local_bh_enable();
if (err && err != -EINPROGRESS)
goto out_free;
- } else { /* NFPROTO_IPV6 */
+ }
+#if IS_ENABLED(IPV6)
+ else { /* NFPROTO_IPV6 */
enum ip6_defrag_users user = IP6_DEFRAG_CONNTRACK_IN + zone;
memset(IP6CB(skb), 0, sizeof(struct inet6_skb_parm));
@@ -187,6 +189,7 @@ static int tcf_ct_handle_fragments(struct net *net, struct
sk_buff *skb,
if (err && err != -EINPROGRESS)
goto out_free;
}
+#endif
skb_clear_hash(skb);
skb->ignore_df = 1;
> + if (err && err != -EINPROGRESS)
> + goto out_free;
> + }
> +
> + skb_clear_hash(skb);
> + skb->ignore_df = 1;
> + return err;
> +
> +out_free:
> + kfree_skb(skb);
> + return err;
> +}
