diff options
| author | Eelco Chaudron <echaudro@redhat.com> | 2020-09-01 16:56:02 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-10-01 13:18:17 +0200 |
| commit | eb5f810e06da3fc202b2fc57658ad711229c0e66 (patch) | |
| tree | 088b7fe0d23f2ac58d21a34521951070451282ba | |
| parent | b6112ff05f5f4f28b7b0e7cef02e5e3b0639e893 (diff) | |
| download | linux-stable-eb5f810e06da3fc202b2fc57658ad711229c0e66.tar.gz linux-stable-eb5f810e06da3fc202b2fc57658ad711229c0e66.tar.bz2 linux-stable-eb5f810e06da3fc202b2fc57658ad711229c0e66.zip | |
netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
[ Upstream commit 526e81b990e53e31ba40ba304a2285ffd098721f ]
The openvswitch module fails initialization when used in a kernel
without IPv6 enabled. nf_conncount_init() fails because the ct code
unconditionally tries to initialize the netns IPv6 related bit,
regardless of the build option. The change below ignores the IPv6
part if not enabled.
Note that the corresponding _put() function already has this IPv6
configuration check.
Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | net/netfilter/nf_conntrack_proto.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index a0560d175a7f..aaf4293ddd45 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -565,6 +565,7 @@ static int nf_ct_netns_inet_get(struct net *net) int err; err = nf_ct_netns_do_get(net, NFPROTO_IPV4); +#if IS_ENABLED(CONFIG_IPV6) if (err < 0) goto err1; err = nf_ct_netns_do_get(net, NFPROTO_IPV6); @@ -575,6 +576,7 @@ static int nf_ct_netns_inet_get(struct net *net) err2: nf_ct_netns_put(net, NFPROTO_IPV4); err1: +#endif return err; } |