Upstream commits cc41c84b7e7f ("netfilter: kill the fake untracked
conntrack objects") and ab8bc7ed864b ("netfilter: remove
nf_ct_is_untracked") removed the 'untracked' conntrack objects and
functions. The latter commit removes the usage of nf_ct_is_untracked()
from OVS. However, older kernels still have a representation of
'untracked' CT objects so the code needs to remain until the kernel
support is bumped to Linux 4.12 or newer. Introduce a macro to detect
this symbol and wrap these lines in the macro check.Signed-off-by: Joe Stringer <[email protected]> --- acinclude.m4 | 2 ++ datapath/conntrack.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/acinclude.m4 b/acinclude.m4 index dbe03bc83e43..d9a8a58372f0 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -541,6 +541,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [ [OVS_DEFINE([HAVE_NF_CT_GET_TUPLEPR_TAKES_STRUCT_NET])]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], [nf_ct_set]) + OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack.h], + [nf_ct_is_untracked]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_zones.h], [nf_ct_zone_init]) OVS_GREP_IFELSE([$KSRC/include/net/netfilter/nf_conntrack_labels.h], diff --git a/datapath/conntrack.c b/datapath/conntrack.c index 64ad0657241b..bf28fc071929 100644 --- a/datapath/conntrack.c +++ b/datapath/conntrack.c @@ -859,10 +859,12 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key, enum nf_nat_manip_type maniptype; int err; +#ifdef HAVE_NF_CT_IS_UNTRACKED if (nf_ct_is_untracked(ct)) { /* A NAT action may only be performed on tracked packets. */ return NF_ACCEPT; } +#endif /* HAVE_NF_CT_IS_UNTRACKED */ /* Add NAT extension if not confirmed yet. */ if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct)) -- 2.12.0 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
