lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Mar 2016 09:10:09 +0100 From: Pablo Neira Ayuso <pablo@...filter.org> To: Arnd Bergmann <arnd@...db.de> Cc: Pravin Shelar <pshelar@...ira.com>, "David S. Miller" <davem@...emloft.net>, Thomas Graf <tgraf@...g.ch>, Joe Stringer <joestringer@...ira.com>, Paolo Abeni <pabeni@...hat.com>, Jarno Rajahalme <jarno@....org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Florian Westphal <fw@...len.de>, netdev@...r.kernel.org, dev@...nvswitch.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] openvswitch: call only into reachable nf-nat code On Fri, Mar 18, 2016 at 02:33:45PM +0100, Arnd Bergmann wrote: > The openvswitch code has gained support for calling into the > nf-nat-ipv4/ipv6 modules, however those can be loadable modules > in a configuration in which openvswitch is built-in, leading > to link errors: > > net/built-in.o: In function `__ovs_ct_lookup': > :(.text+0x2cc2c8): undefined reference to `nf_nat_icmp_reply_translation' > :(.text+0x2cc66c): undefined reference to `nf_nat_icmpv6_reply_translation' > > The dependency on (!NF_NAT || NF_NAT) prevents similar issues, > but NF_NAT is set to 'y' if any of the symbols selecting > it are built-in, but the link error happens when any of them > are modular. > > A second issue is that even if CONFIG_NF_NAT_IPV6 is built-in, > CONFIG_NF_NAT_IPV4 might be completely disabled. This is unlikely > to be useful in practice, but the driver currently only handles > IPv6 being optional. > > This patch improves the Kconfig dependency so that openvswitch > cannot be built-in if either of the two other symbols are set > to 'm', and it replaces the incorrect #ifdef in ovs_ct_nat_execute() > with two "if (IS_ENABLED())" checks that should catch all corner > cases also make the code more readable. > > The same #ifdef exists ovs_ct_nat_to_attr(), where it does not > cause a link error, but for consistency I'm changing it the same > way. Applied, thanks Arnd.
Powered by blists - more mailing lists