aboutsummaryrefslogtreecommitdiffstats
path: root/include/net/netfilter/nf_tables.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/netfilter/nf_tables.h')
-rw-r--r--include/net/netfilter/nf_tables.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 475d6f28ca67..e73d16f8b870 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -25,6 +25,7 @@ struct nft_pktinfo {
struct xt_action_param xt;
};
+#if IS_ENABLED(CONFIG_NETFILTER)
static inline struct net *nft_net(const struct nft_pktinfo *pkt)
{
return pkt->xt.state->net;
@@ -57,6 +58,7 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
pkt->skb = skb;
pkt->xt.state = state;
}
+#endif
static inline void nft_set_pktinfo_unspec(struct nft_pktinfo *pkt,
struct sk_buff *skb)
@@ -926,9 +928,11 @@ struct nft_chain_type {
int family;
struct module *owner;
unsigned int hook_mask;
+#if IS_ENABLED(CONFIG_NETFILTER)
nf_hookfn *hooks[NF_MAX_HOOKS];
int (*ops_register)(struct net *net, const struct nf_hook_ops *ops);
void (*ops_unregister)(struct net *net, const struct nf_hook_ops *ops);
+#endif
};
int nft_chain_validate_dependency(const struct nft_chain *chain,
@@ -954,7 +958,9 @@ struct nft_stats {
* @flow_block: flow block (for hardware offload)
*/
struct nft_base_chain {
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops ops;
+#endif
const struct nft_chain_type *type;
u8 policy;
u8 flags;
@@ -1151,7 +1157,9 @@ struct nft_flowtable {
use:30;
u64 handle;
/* runtime data below here */
+#if IS_ENABLED(CONFIG_NETFILTER)
struct nf_hook_ops *ops ____cacheline_aligned;
+#endif
struct nf_flowtable data;
};
@@ -1206,6 +1214,8 @@ void nft_trace_notify(struct nft_traceinfo *info);
#define MODULE_ALIAS_NFT_OBJ(type) \
MODULE_ALIAS("nft-obj-" __stringify(type))
+#if IS_ENABLED(CONFIG_NF_TABLES)
+
/*
* The gencursor defines two generations, the currently active and the
* next one. Objects contain a bitmask of 2 bits specifying the generations
@@ -1279,6 +1289,8 @@ static inline void nft_set_elem_change_active(const struct net *net,
ext->genmask ^= nft_genmask_next(net);
}
+#endif /* IS_ENABLED(CONFIG_NF_TABLES) */
+
/*
* We use a free bit in the genmask field to indicate the element
* is busy, meaning it is currently being processed either by
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.