summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorArnd Bergmann <arnd@arndb.de>2016-03-18 14:33:45 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2016-03-28 17:58:59 +0200
commit99b7248e2ad57ca93ada10c6598affb267ffc99a (patch)
treef10a1fb299924a9cf89f5be57781c734cbe42b52 /security/integrity
parentopenvswitch: Fix checking for new expected connections. (diff)
downloadlinux-99b7248e2ad57ca93ada10c6598affb267ffc99a.tar.xz
linux-99b7248e2ad57ca93ada10c6598affb267ffc99a.zip
openvswitch: call only into reachable nf-nat code
The openvswitch code has gained support for calling into the nf-nat-ipv4/ipv6 modules, however those can be loadable modules in a configuration in which openvswitch is built-in, leading to link errors: net/built-in.o: In function `__ovs_ct_lookup': :(.text+0x2cc2c8): undefined reference to `nf_nat_icmp_reply_translation' :(.text+0x2cc66c): undefined reference to `nf_nat_icmpv6_reply_translation' The dependency on (!NF_NAT || NF_NAT) prevents similar issues, but NF_NAT is set to 'y' if any of the symbols selecting it are built-in, but the link error happens when any of them are modular. A second issue is that even if CONFIG_NF_NAT_IPV6 is built-in, CONFIG_NF_NAT_IPV4 might be completely disabled. This is unlikely to be useful in practice, but the driver currently only handles IPv6 being optional. This patch improves the Kconfig dependency so that openvswitch cannot be built-in if either of the two other symbols are set to 'm', and it replaces the incorrect #ifdef in ovs_ct_nat_execute() with two "if (IS_ENABLED())" checks that should catch all corner cases also make the code more readable. The same #ifdef exists ovs_ct_nat_to_attr(), where it does not cause a link error, but for consistency I'm changing it the same way. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: 05752523e565 ("openvswitch: Interface with NAT.") Acked-by: Joe Stringer <joe@ovn.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'security/integrity')
0 files changed, 0 insertions, 0 deletions