Message-Id: <20180214181345.6368-3-mcroce@redhat.com>
Date:   Wed, 14 Feb 2018 19:13:44 +0100
From:   Matteo Croce <mcroce@...hat.com>
To:     netdev@...r.kernel.org
Cc:     Mahesh Bandewar <maheshb@...gle.com>
Subject: [PATCH 2/3] ipvlan: drop netfilter dependency

IPVlan has a hard dependency on netfilter.
Refactor the ipvlan code to allow compiling it with netfilter disabled.

Signed-off-by: Matteo Croce <mcroce@...hat.com>
---
 drivers/net/Kconfig              |  1 -
 drivers/net/ipvlan/ipvlan.h      |  2 ++
 drivers/net/ipvlan/ipvlan_core.c |  2 ++
 drivers/net/ipvlan/ipvlan_main.c | 31 ++++++++++++++++++++++---------
 4 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
index 3234c6618d75..64d3017ecd01 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -149,7 +149,6 @@ config MACVTAP
 config IPVLAN
     tristate "IP-VLAN support"
     depends on INET
-    depends on NETFILTER
     depends on NET_L3_MASTER_DEV
     ---help---
       This allows one to create virtual devices off of a main interface
diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
index 5166575a164d..b7fa5a48a351 100644
--- a/drivers/net/ipvlan/ipvlan.h
+++ b/drivers/net/ipvlan/ipvlan.h
@@ -166,8 +166,10 @@ bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6);
 void ipvlan_ht_addr_del(struct ipvl_addr *addr);
 struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
 			      u16 proto);
+#ifdef CONFIG_NETFILTER
 unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
 			     const struct nf_hook_state *state);
+#endif
 void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
 		     unsigned int len, bool success, bool mcast);
 int ipvlan_link_new(struct net *src_net, struct net_device *dev,
diff --git a/drivers/net/ipvlan/ipvlan_core.c b/drivers/net/ipvlan/ipvlan_core.c
index 653b00738616..5be846bc6d8c 100644
--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -821,6 +821,7 @@ struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
 	return skb;
 }
 
+#ifdef CONFIG_NETFILTER
 unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
 			     const struct nf_hook_state *state)
 {
@@ -837,3 +838,4 @@ unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
 out:
 	return NF_ACCEPT;
 }
+#endif
diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 67c91ceda979..2e311251c27c 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -15,6 +15,16 @@ struct ipvlan_netns {
 	unsigned int ipvl_nf_hook_refcnt;
 };
 
+static const struct l3mdev_ops ipvl_l3mdev_ops = {
+	.l3mdev_l3_rcv = ipvlan_l3_rcv,
+};
+
+static void ipvlan_adjust_mtu(struct ipvl_dev *ipvlan, struct net_device *dev)
+{
+	ipvlan->dev->mtu = dev->mtu;
+}
+
+#ifdef CONFIG_NETFILTER
 static const struct nf_hook_ops ipvl_nfops[] = {
 	{
 		.hook     = ipvlan_nf_input,
@@ -32,15 +42,6 @@ static const struct nf_hook_ops ipvl_nfops[] = {
 #endif
 };
 
-static const struct l3mdev_ops ipvl_l3mdev_ops = {
-	.l3mdev_l3_rcv = ipvlan_l3_rcv,
-};
-
-static void ipvlan_adjust_mtu(struct ipvl_dev *ipvlan, struct net_device *dev)
-{
-	ipvlan->dev->mtu = dev->mtu;
-}
-
 static int ipvlan_register_nf_hook(struct net *net)
 {
 	struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid);
@@ -70,6 +71,16 @@ static void ipvlan_unregister_nf_hook(struct net *net)
 		nf_unregister_net_hooks(net, ipvl_nfops,
 					ARRAY_SIZE(ipvl_nfops));
 }
+#else
+static int ipvlan_register_nf_hook(struct net *net)
+{
+	return 0;
+}
+
+static void ipvlan_unregister_nf_hook(struct net *net)
+{
+}
+#endif
 
 static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval)
 {
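Review bot: The `#else` stub of `ipvlan_register_nf_hook()` returns 0, so with CONFIG_NETFILTER disabled any caller that reads 0 as "hook installed" would accept a mode that relies on `ipvlan_nf_input` even though the hook never runs. The call sites are outside this hunk, so this is inferred from the stub alone; it would matter for the l3s port mode if that is what registers the hook. If that mode cannot work without the hook, the stub should refuse it, e.g. `return -EOPNOTSUPP;`, so the request fails visibly rather than leaving the port in a mode that silently behaves differently. A short comment on the stub such as `/* built without netfilter: input hook unavailable */` would record why it exists.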
@@ -1015,8 +1026,10 @@ static void ipvlan_ns_exit(struct net *net)
 
 	if (WARN_ON_ONCE(vnet->ipvl_nf_hook_refcnt)) {
 		vnet->ipvl_nf_hook_refcnt = 0;
+#ifdef CONFIG_NETFILTER
 		nf_unregister_net_hooks(net, ipvl_nfops,
 					ARRAY_SIZE(ipvl_nfops));
+#endif
 	}
 }
 
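Review bot: The `#ifdef CONFIG_NETFILTER` placed inside `ipvlan_ns_exit()` around `nf_unregister_net_hooks()` is the kind of in-function conditional that kernel style asks to keep out of function bodies, and the commit already has a stub section in the `#else` branch that could carry it. A small helper defined beside `ipvlan_unregister_nf_hook()`, with an empty counterpart next to the other stubs, would keep this function free of preprocessor lines. The helper name below is only a suggestion, and `ipvlan_ns_exit()` begins outside the hunk.

```c
/* inside the #ifdef CONFIG_NETFILTER section, after ipvlan_unregister_nf_hook() */
static void ipvlan_drop_nf_hooks(struct net *net)
{
	nf_unregister_net_hooks(net, ipvl_nfops, ARRAY_SIZE(ipvl_nfops));
}

/* in the #else section, next to the other stubs */
static void ipvlan_drop_nf_hooks(struct net *net)
{
}

/* … unchanged: start of ipvlan_ns_exit() … */
	if (WARN_ON_ONCE(vnet->ipvl_nf_hook_refcnt)) {
		vnet->ipvl_nf_hook_refcnt = 0;
		ipvlan_drop_nf_hooks(net);
	}
```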
-- 
2.14.3
