From f43ac442e14ce2da3cd006dda0efa918fa7875b9 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Mon, 7 Jul 2008 21:34:52 +0200
Subject: [PATCH] Remove dependency on CONFIG_NETWORK_SECMARK

---
 INSTALL                     | 3 +++
 extensions/compat_skbuff.h  | 6 ++++++
 extensions/compat_xtables.h | 8 ++++----
 extensions/xt_LOGMARK.c     | 2 +-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/INSTALL b/INSTALL
index ffdc2b3..1e2c057 100644
--- a/INSTALL
+++ b/INSTALL
@@ -19,6 +19,9 @@ Prerequirements
 	  - or the xtables-combined tarball that is currently distributed
 
 	* kernel-source >= 2.6.18.5 with prepared build/output directory
+	  - CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
+	  - CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
+	    enabled =y or as module (=m)
 
 
 Selecting extensions
diff --git a/extensions/compat_skbuff.h b/extensions/compat_skbuff.h
index b46976d..b32bbf5 100644
--- a/extensions/compat_skbuff.h
+++ b/extensions/compat_skbuff.h
@@ -10,6 +10,12 @@ struct udphdr;
 #	define skb_nfmark(skb) (((struct sk_buff *)(skb))->mark)
 #endif
 
+#ifdef CONFIG_NETWORK_SECMARK
+#	define skb_secmark(skb) ((skb)->secmark)
+#else
+#	define skb_secmark(skb) 0
+#endif
+
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 21)
 #	define ip_hdr(skb) ((skb)->nh.iph)
 #	define ip_hdrlen(skb) (ip_hdr(skb)->ihl * 4)
diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
index 52b723b..0284dfc 100644
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -10,13 +10,13 @@
 #endif
 
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-#	if !defined(CONFIG_NF_CONNTRACK_MARK) || !defined(CONFIG_NF_CONNTRACK_SECMARK)
-#		warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK or CONFIG_NF_CONNTRACK_SECMARK are not (please enable).
+#	if !defined(CONFIG_NF_CONNTRACK_MARK)
+#		warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK is not (please enable).
 #	endif
 #	include <net/netfilter/nf_conntrack.h>
 #elif defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
-#	if !defined(CONFIG_IP_NF_CONNTRACK_MARK) || !defined(CONFIG_IP_NF_CONNTRACK_SECMARK)
-#		warning You have CONFIG_IP_NF_CONNTRACK enabled, but CONFIG_IP_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_SECMARK are not (please enable).
+#	if !defined(CONFIG_IP_NF_CONNTRACK_MARK)
+#		warning You have CONFIG_IP_NF_CONNTRACK enabled, but CONFIG_IP_NF_CONNTRACK_MARK is not (please enable).
 #	endif
 #	include <linux/netfilter_ipv4/ip_conntrack.h>
 #	define nf_conn ip_conntrack
diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c
index 3d2bf5e..3e19b50 100644
--- a/extensions/xt_LOGMARK.c
+++ b/extensions/xt_LOGMARK.c
@@ -42,7 +42,7 @@ logmark_tg(struct sk_buff *skb, const struct net_device *in,
 	printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
 	       info->level, (unsigned int)sizeof(info->prefix), info->prefix,
 	       hook_names[hooknum],
-	       skb_nfmark(skb), skb->secmark, skb->priority);
+	       skb_nfmark(skb), skb_secmark(skb), skb->priority);
 
 	ct = nf_ct_get(skb, &ctinfo);
 	printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]);