netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT

Now that cttimeout support for nft_ct is in place, these should depend on CONFIG_NF_CONNTRACK_TIMEOUT otherwise we can crash when dumping the policy if this option is not enabled. [ 71.600121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [...] [ 71.600141] CPU: 3 PID: 7612 Comm: nft Not tainted 4.18.0+ #246 [...] [ 71.600188] Call Trace: [ 71.600201] ? nft_ct_timeout_obj_dump+0xc6/0xf0 [nft_ct] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT
Now that cttimeout support for nft_ct is in place, these should depend on CONFIG_NF_CONNTRACK_TIMEOUT otherwise we can crash when dumping the policy if this option is not enabled. [ 71.600121] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 [...] [ 71.600141] CPU: 3 PID: 7612 Comm: nft Not tainted 4.18.0+ #246 [...] [ 71.600188] Call Trace: [ 71.600201] ? nft_ct_timeout_obj_dump+0xc6/0xf0 [nft_ct] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso
1 parent f94e63801a
Showing 8 changed files with 45 additions and 45 deletions Side-by-side Diff
net/netfilter/nf_conntrack_proto_dccp.c
net/netfilter/nf_conntrack_proto_generic.c
net/netfilter/nf_conntrack_proto_gre.c
net/netfilter/nf_conntrack_proto_icmp.c
net/netfilter/nf_conntrack_proto_icmpv6.c
net/netfilter/nf_conntrack_proto_sctp.c
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_udp.c
@@ -675,7 +675,7 @@
 }
 #endif
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -728,7 +728,7 @@
 	[CTA_TIMEOUT_DCCP_CLOSING]	= { .type = NLA_U32 },
 	[CTA_TIMEOUT_DCCP_TIMEWAIT]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 /* template, data assigned later */
@@ -863,7 +863,7 @@
 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= dccp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= dccp_timeout_obj_to_nlattr,
@@ -871,7 +871,7 @@
 		.obj_size	= sizeof(unsigned int) * CT_DCCP_MAX,
 		.nla_policy	= dccp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= dccp_init_net,
 	.get_net_proto		= dccp_get_net_proto,
 };
@@ -896,7 +896,7 @@
 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= dccp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= dccp_timeout_obj_to_nlattr,
@@ -904,7 +904,7 @@
 		.obj_size	= sizeof(unsigned int) * CT_DCCP_MAX,
 		.nla_policy	= dccp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= dccp_init_net,
 	.get_net_proto		= dccp_get_net_proto,
 };
@@ -70,7 +70,7 @@
 	return ret;
 }
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -113,7 +113,7 @@
 generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
 	[CTA_TIMEOUT_GENERIC_TIMEOUT]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 static struct ctl_table generic_sysctl_table[] = {
@@ -164,7 +164,7 @@
 	.pkt_to_tuple		= generic_pkt_to_tuple,
 	.packet			= generic_packet,
 	.new			= generic_new,
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= generic_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= generic_timeout_obj_to_nlattr,
@@ -172,7 +172,7 @@
 		.obj_size	= sizeof(unsigned int),
 		.nla_policy	= generic_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= generic_init_net,
 	.get_net_proto		= generic_get_net_proto,
 };
@@ -285,7 +285,7 @@
 		nf_ct_gre_keymap_destroy(master);
 }
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -334,7 +334,7 @@
 	[CTA_TIMEOUT_GRE_UNREPLIED]	= { .type = NLA_U32 },
 	[CTA_TIMEOUT_GRE_REPLIED]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 static int gre_init_net(struct net *net, u_int16_t proto)
 {
@@ -367,7 +367,7 @@
 	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 	.nla_policy	 = nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout    = {
 		.nlattr_to_obj	= gre_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= gre_timeout_obj_to_nlattr,
@@ -375,7 +375,7 @@
 		.obj_size	= sizeof(unsigned int) * GRE_CT_MAX,
 		.nla_policy	= gre_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.net_id		= &proto_gre_net_id,
 	.init_net	= gre_init_net,
 };
@@ -273,7 +273,7 @@
 }
 #endif
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -313,7 +313,7 @@
 icmp_timeout_nla_policy[CTA_TIMEOUT_ICMP_MAX+1] = {
 	[CTA_TIMEOUT_ICMP_TIMEOUT]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 static struct ctl_table icmp_sysctl_table[] = {
@@ -374,7 +374,7 @@
 	.nlattr_to_tuple	= icmp_nlattr_to_tuple,
 	.nla_policy		= icmp_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= icmp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= icmp_timeout_obj_to_nlattr,
@@ -382,7 +382,7 @@
 		.obj_size	= sizeof(unsigned int),
 		.nla_policy	= icmp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= icmp_init_net,
 	.get_net_proto		= icmp_get_net_proto,
 };
@@ -274,7 +274,7 @@
 }
 #endif
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -314,7 +314,7 @@
 icmpv6_timeout_nla_policy[CTA_TIMEOUT_ICMPV6_MAX+1] = {
 	[CTA_TIMEOUT_ICMPV6_TIMEOUT]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 static struct ctl_table icmpv6_sysctl_table[] = {
@@ -373,7 +373,7 @@
 	.nlattr_to_tuple	= icmpv6_nlattr_to_tuple,
 	.nla_policy		= icmpv6_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= icmpv6_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= icmpv6_timeout_obj_to_nlattr,
@@ -381,7 +381,7 @@
 		.obj_size	= sizeof(unsigned int),
 		.nla_policy	= icmpv6_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= icmpv6_init_net,
 	.get_net_proto		= icmpv6_get_net_proto,
 };
@@ -591,7 +591,7 @@
 }
 #endif
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -646,7 +646,7 @@
 	[CTA_TIMEOUT_SCTP_HEARTBEAT_SENT]	= { .type = NLA_U32 },
 	[CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
  
 #ifdef CONFIG_SYSCTL
@@ -780,7 +780,7 @@
 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= sctp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= sctp_timeout_obj_to_nlattr,
@@ -788,7 +788,7 @@
 		.obj_size	= sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
 		.nla_policy	= sctp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= sctp_init_net,
 	.get_net_proto		= sctp_get_net_proto,
 };
@@ -813,7 +813,8 @@
 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
 	.nla_policy		= nf_ct_port_nla_policy,
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#endif
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= sctp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= sctp_timeout_obj_to_nlattr,
@@ -821,8 +822,7 @@
 		.obj_size	= sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
 		.nla_policy	= sctp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
-#endif
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= sctp_init_net,
 	.get_net_proto		= sctp_get_net_proto,
 };
@@ -1279,7 +1279,7 @@
 }
 #endif
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -1394,7 +1394,7 @@
 	[CTA_TIMEOUT_TCP_RETRANS]	= { .type = NLA_U32 },
 	[CTA_TIMEOUT_TCP_UNACK]		= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 static struct ctl_table tcp_sysctl_table[] = {
@@ -1558,7 +1558,7 @@
 	.nlattr_size		= TCP_NLATTR_SIZE,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= tcp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= tcp_timeout_obj_to_nlattr,
@@ -1567,7 +1567,7 @@
 					TCP_CONNTRACK_TIMEOUT_MAX,
 		.nla_policy	= tcp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= tcp_init_net,
 	.get_net_proto		= tcp_get_net_proto,
 };
@@ -1593,7 +1593,7 @@
 	.nlattr_tuple_size	= tcp_nlattr_tuple_size,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= tcp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= tcp_timeout_obj_to_nlattr,
@@ -1602,7 +1602,7 @@
 					TCP_CONNTRACK_TIMEOUT_MAX,
 		.nla_policy	= tcp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= tcp_init_net,
 	.get_net_proto		= tcp_get_net_proto,
 };
@@ -171,7 +171,7 @@
 	return NF_ACCEPT;
 }
  
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
  
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_cttimeout.h>
@@ -221,7 +221,7 @@
        [CTA_TIMEOUT_UDP_UNREPLIED]	= { .type = NLA_U32 },
        [CTA_TIMEOUT_UDP_REPLIED]	= { .type = NLA_U32 },
 };
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
  
 #ifdef CONFIG_SYSCTL
 static struct ctl_table udp_sysctl_table[] = {
@@ -292,7 +292,7 @@
 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= udp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= udp_timeout_obj_to_nlattr,
@@ -300,7 +300,7 @@
 		.obj_size	= sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
 		.nla_policy	= udp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= udp_init_net,
 	.get_net_proto		= udp_get_net_proto,
 };
@@ -321,7 +321,7 @@
 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= udp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= udp_timeout_obj_to_nlattr,
@@ -329,7 +329,7 @@
 		.obj_size	= sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
 		.nla_policy	= udp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= udp_init_net,
 	.get_net_proto		= udp_get_net_proto,
 };
@@ -350,7 +350,7 @@
 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= udp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= udp_timeout_obj_to_nlattr,
@@ -358,7 +358,7 @@
 		.obj_size	= sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
 		.nla_policy	= udp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= udp_init_net,
 	.get_net_proto		= udp_get_net_proto,
 };
@@ -379,7 +379,7 @@
 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
 	.nla_policy		= nf_ct_port_nla_policy,
 #endif
-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 	.ctnl_timeout		= {
 		.nlattr_to_obj	= udp_timeout_nlattr_to_obj,
 		.obj_to_nlattr	= udp_timeout_obj_to_nlattr,
@@ -387,7 +387,7 @@
 		.obj_size	= sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
 		.nla_policy	= udp_timeout_nla_policy,
 	},
-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 	.init_net		= udp_init_net,
 	.get_net_proto		= udp_get_net_proto,
 };
...	...	@@ -675,7 +675,7 @@
675	675	}
676	676	#endif
677	677
678		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	678	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
679	679
680	680	#include <linux/netfilter/nfnetlink.h>
681	681	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -728,7 +728,7 @@
728	728	[CTA_TIMEOUT_DCCP_CLOSING] = { .type = NLA_U32 },
729	729	[CTA_TIMEOUT_DCCP_TIMEWAIT] = { .type = NLA_U32 },
730	730	};
731		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	731	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
732	732
733	733	#ifdef CONFIG_SYSCTL
734	734	/* template, data assigned later */
...	...	@@ -863,7 +863,7 @@
863	863	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
864	864	.nla_policy = nf_ct_port_nla_policy,
865	865	#endif
866		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	866	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
867	867	.ctnl_timeout = {
868	868	.nlattr_to_obj = dccp_timeout_nlattr_to_obj,
869	869	.obj_to_nlattr = dccp_timeout_obj_to_nlattr,
...	...	@@ -871,7 +871,7 @@
871	871	.obj_size = sizeof(unsigned int) * CT_DCCP_MAX,
872	872	.nla_policy = dccp_timeout_nla_policy,
873	873	},
874		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	874	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
875	875	.init_net = dccp_init_net,
876	876	.get_net_proto = dccp_get_net_proto,
877	877	};
...	...	@@ -896,7 +896,7 @@
896	896	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
897	897	.nla_policy = nf_ct_port_nla_policy,
898	898	#endif
899		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	899	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
900	900	.ctnl_timeout = {
901	901	.nlattr_to_obj = dccp_timeout_nlattr_to_obj,
902	902	.obj_to_nlattr = dccp_timeout_obj_to_nlattr,
...	...	@@ -904,7 +904,7 @@
904	904	.obj_size = sizeof(unsigned int) * CT_DCCP_MAX,
905	905	.nla_policy = dccp_timeout_nla_policy,
906	906	},
907		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	907	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
908	908	.init_net = dccp_init_net,
909	909	.get_net_proto = dccp_get_net_proto,
910	910	};
...	...	@@ -70,7 +70,7 @@
70	70	return ret;
71	71	}
72	72
73		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	73	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
74	74
75	75	#include <linux/netfilter/nfnetlink.h>
76	76	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -113,7 +113,7 @@
113	113	generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
114	114	[CTA_TIMEOUT_GENERIC_TIMEOUT] = { .type = NLA_U32 },
115	115	};
116		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	116	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
117	117
118	118	#ifdef CONFIG_SYSCTL
119	119	static struct ctl_table generic_sysctl_table[] = {
...	...	@@ -164,7 +164,7 @@
164	164	.pkt_to_tuple = generic_pkt_to_tuple,
165	165	.packet = generic_packet,
166	166	.new = generic_new,
167		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	167	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
168	168	.ctnl_timeout = {
169	169	.nlattr_to_obj = generic_timeout_nlattr_to_obj,
170	170	.obj_to_nlattr = generic_timeout_obj_to_nlattr,
...	...	@@ -172,7 +172,7 @@
172	172	.obj_size = sizeof(unsigned int),
173	173	.nla_policy = generic_timeout_nla_policy,
174	174	},
175		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	175	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
176	176	.init_net = generic_init_net,
177	177	.get_net_proto = generic_get_net_proto,
178	178	};
...	...	@@ -285,7 +285,7 @@
285	285	nf_ct_gre_keymap_destroy(master);
286	286	}
287	287
288		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	288	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
289	289
290	290	#include <linux/netfilter/nfnetlink.h>
291	291	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -334,7 +334,7 @@
334	334	[CTA_TIMEOUT_GRE_UNREPLIED] = { .type = NLA_U32 },
335	335	[CTA_TIMEOUT_GRE_REPLIED] = { .type = NLA_U32 },
336	336	};
337		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	337	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
338	338
339	339	static int gre_init_net(struct net *net, u_int16_t proto)
340	340	{
...	...	@@ -367,7 +367,7 @@
367	367	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
368	368	.nla_policy = nf_ct_port_nla_policy,
369	369	#endif
370		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	370	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
371	371	.ctnl_timeout = {
372	372	.nlattr_to_obj = gre_timeout_nlattr_to_obj,
373	373	.obj_to_nlattr = gre_timeout_obj_to_nlattr,
...	...	@@ -375,7 +375,7 @@
375	375	.obj_size = sizeof(unsigned int) * GRE_CT_MAX,
376	376	.nla_policy = gre_timeout_nla_policy,
377	377	},
378		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	378	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
379	379	.net_id = &proto_gre_net_id,
380	380	.init_net = gre_init_net,
381	381	};
...	...	@@ -273,7 +273,7 @@
273	273	}
274	274	#endif
275	275
276		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	276	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
277	277
278	278	#include <linux/netfilter/nfnetlink.h>
279	279	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -313,7 +313,7 @@
313	313	icmp_timeout_nla_policy[CTA_TIMEOUT_ICMP_MAX+1] = {
314	314	[CTA_TIMEOUT_ICMP_TIMEOUT] = { .type = NLA_U32 },
315	315	};
316		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	316	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
317	317
318	318	#ifdef CONFIG_SYSCTL
319	319	static struct ctl_table icmp_sysctl_table[] = {
...	...	@@ -374,7 +374,7 @@
374	374	.nlattr_to_tuple = icmp_nlattr_to_tuple,
375	375	.nla_policy = icmp_nla_policy,
376	376	#endif
377		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	377	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
378	378	.ctnl_timeout = {
379	379	.nlattr_to_obj = icmp_timeout_nlattr_to_obj,
380	380	.obj_to_nlattr = icmp_timeout_obj_to_nlattr,
...	...	@@ -382,7 +382,7 @@
382	382	.obj_size = sizeof(unsigned int),
383	383	.nla_policy = icmp_timeout_nla_policy,
384	384	},
385		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	385	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
386	386	.init_net = icmp_init_net,
387	387	.get_net_proto = icmp_get_net_proto,
388	388	};
...	...	@@ -274,7 +274,7 @@
274	274	}
275	275	#endif
276	276
277		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	277	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
278	278
279	279	#include <linux/netfilter/nfnetlink.h>
280	280	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -314,7 +314,7 @@
314	314	icmpv6_timeout_nla_policy[CTA_TIMEOUT_ICMPV6_MAX+1] = {
315	315	[CTA_TIMEOUT_ICMPV6_TIMEOUT] = { .type = NLA_U32 },
316	316	};
317		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	317	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
318	318
319	319	#ifdef CONFIG_SYSCTL
320	320	static struct ctl_table icmpv6_sysctl_table[] = {
...	...	@@ -373,7 +373,7 @@
373	373	.nlattr_to_tuple = icmpv6_nlattr_to_tuple,
374	374	.nla_policy = icmpv6_nla_policy,
375	375	#endif
376		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	376	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
377	377	.ctnl_timeout = {
378	378	.nlattr_to_obj = icmpv6_timeout_nlattr_to_obj,
379	379	.obj_to_nlattr = icmpv6_timeout_obj_to_nlattr,
...	...	@@ -381,7 +381,7 @@
381	381	.obj_size = sizeof(unsigned int),
382	382	.nla_policy = icmpv6_timeout_nla_policy,
383	383	},
384		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	384	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
385	385	.init_net = icmpv6_init_net,
386	386	.get_net_proto = icmpv6_get_net_proto,
387	387	};
...	...	@@ -591,7 +591,7 @@
591	591	}
592	592	#endif
593	593
594		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	594	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
595	595
596	596	#include <linux/netfilter/nfnetlink.h>
597	597	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -646,7 +646,7 @@
646	646	[CTA_TIMEOUT_SCTP_HEARTBEAT_SENT] = { .type = NLA_U32 },
647	647	[CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED] = { .type = NLA_U32 },
648	648	};
649		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	649	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
650	650
651	651
652	652	#ifdef CONFIG_SYSCTL
...	...	@@ -780,7 +780,7 @@
780	780	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
781	781	.nla_policy = nf_ct_port_nla_policy,
782	782	#endif
783		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	783	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
784	784	.ctnl_timeout = {
785	785	.nlattr_to_obj = sctp_timeout_nlattr_to_obj,
786	786	.obj_to_nlattr = sctp_timeout_obj_to_nlattr,
...	...	@@ -788,7 +788,7 @@
788	788	.obj_size = sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
789	789	.nla_policy = sctp_timeout_nla_policy,
790	790	},
791		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	791	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
792	792	.init_net = sctp_init_net,
793	793	.get_net_proto = sctp_get_net_proto,
794	794	};
...	...	@@ -813,7 +813,8 @@
813	813	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
814	814	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
815	815	.nla_policy = nf_ct_port_nla_policy,
816		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	816	+#endif
	817	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
817	818	.ctnl_timeout = {
818	819	.nlattr_to_obj = sctp_timeout_nlattr_to_obj,
819	820	.obj_to_nlattr = sctp_timeout_obj_to_nlattr,
...	...	@@ -821,8 +822,7 @@
821	822	.obj_size = sizeof(unsigned int) * SCTP_CONNTRACK_MAX,
822	823	.nla_policy = sctp_timeout_nla_policy,
823	824	},
824		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
825		-#endif
	825	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
826	826	.init_net = sctp_init_net,
827	827	.get_net_proto = sctp_get_net_proto,
828	828	};
...	...	@@ -1279,7 +1279,7 @@
1279	1279	}
1280	1280	#endif
1281	1281
1282		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	1282	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1283	1283
1284	1284	#include <linux/netfilter/nfnetlink.h>
1285	1285	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -1394,7 +1394,7 @@
1394	1394	[CTA_TIMEOUT_TCP_RETRANS] = { .type = NLA_U32 },
1395	1395	[CTA_TIMEOUT_TCP_UNACK] = { .type = NLA_U32 },
1396	1396	};
1397		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	1397	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1398	1398
1399	1399	#ifdef CONFIG_SYSCTL
1400	1400	static struct ctl_table tcp_sysctl_table[] = {
...	...	@@ -1558,7 +1558,7 @@
1558	1558	.nlattr_size = TCP_NLATTR_SIZE,
1559	1559	.nla_policy = nf_ct_port_nla_policy,
1560	1560	#endif
1561		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	1561	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1562	1562	.ctnl_timeout = {
1563	1563	.nlattr_to_obj = tcp_timeout_nlattr_to_obj,
1564	1564	.obj_to_nlattr = tcp_timeout_obj_to_nlattr,
...	...	@@ -1567,7 +1567,7 @@
1567	1567	TCP_CONNTRACK_TIMEOUT_MAX,
1568	1568	.nla_policy = tcp_timeout_nla_policy,
1569	1569	},
1570		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	1570	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1571	1571	.init_net = tcp_init_net,
1572	1572	.get_net_proto = tcp_get_net_proto,
1573	1573	};
...	...	@@ -1593,7 +1593,7 @@
1593	1593	.nlattr_tuple_size = tcp_nlattr_tuple_size,
1594	1594	.nla_policy = nf_ct_port_nla_policy,
1595	1595	#endif
1596		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	1596	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
1597	1597	.ctnl_timeout = {
1598	1598	.nlattr_to_obj = tcp_timeout_nlattr_to_obj,
1599	1599	.obj_to_nlattr = tcp_timeout_obj_to_nlattr,
...	...	@@ -1602,7 +1602,7 @@
1602	1602	TCP_CONNTRACK_TIMEOUT_MAX,
1603	1603	.nla_policy = tcp_timeout_nla_policy,
1604	1604	},
1605		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	1605	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
1606	1606	.init_net = tcp_init_net,
1607	1607	.get_net_proto = tcp_get_net_proto,
1608	1608	};
...	...	@@ -171,7 +171,7 @@
171	171	return NF_ACCEPT;
172	172	}
173	173
174		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	174	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
175	175
176	176	#include <linux/netfilter/nfnetlink.h>
177	177	#include <linux/netfilter/nfnetlink_cttimeout.h>
...	...	@@ -221,7 +221,7 @@
221	221	[CTA_TIMEOUT_UDP_UNREPLIED] = { .type = NLA_U32 },
222	222	[CTA_TIMEOUT_UDP_REPLIED] = { .type = NLA_U32 },
223	223	};
224		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	224	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
225	225
226	226	#ifdef CONFIG_SYSCTL
227	227	static struct ctl_table udp_sysctl_table[] = {
...	...	@@ -292,7 +292,7 @@
292	292	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
293	293	.nla_policy = nf_ct_port_nla_policy,
294	294	#endif
295		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	295	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
296	296	.ctnl_timeout = {
297	297	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
298	298	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
...	...	@@ -300,7 +300,7 @@
300	300	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
301	301	.nla_policy = udp_timeout_nla_policy,
302	302	},
303		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	303	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
304	304	.init_net = udp_init_net,
305	305	.get_net_proto = udp_get_net_proto,
306	306	};
...	...	@@ -321,7 +321,7 @@
321	321	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
322	322	.nla_policy = nf_ct_port_nla_policy,
323	323	#endif
324		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	324	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
325	325	.ctnl_timeout = {
326	326	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
327	327	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
...	...	@@ -329,7 +329,7 @@
329	329	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
330	330	.nla_policy = udp_timeout_nla_policy,
331	331	},
332		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	332	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
333	333	.init_net = udp_init_net,
334	334	.get_net_proto = udp_get_net_proto,
335	335	};
...	...	@@ -350,7 +350,7 @@
350	350	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
351	351	.nla_policy = nf_ct_port_nla_policy,
352	352	#endif
353		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	353	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
354	354	.ctnl_timeout = {
355	355	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
356	356	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
...	...	@@ -358,7 +358,7 @@
358	358	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
359	359	.nla_policy = udp_timeout_nla_policy,
360	360	},
361		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	361	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
362	362	.init_net = udp_init_net,
363	363	.get_net_proto = udp_get_net_proto,
364	364	};
...	...	@@ -379,7 +379,7 @@
379	379	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
380	380	.nla_policy = nf_ct_port_nla_policy,
381	381	#endif
382		-#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	382	+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
383	383	.ctnl_timeout = {
384	384	.nlattr_to_obj = udp_timeout_nlattr_to_obj,
385	385	.obj_to_nlattr = udp_timeout_obj_to_nlattr,
...	...	@@ -387,7 +387,7 @@
387	387	.obj_size = sizeof(unsigned int) * CTA_TIMEOUT_UDP_MAX,
388	388	.nla_policy = udp_timeout_nla_policy,
389	389	},
390		-#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
	390	+#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
391	391	.init_net = udp_init_net,
392	392	.get_net_proto = udp_get_net_proto,
393	393	};