Remove dependency on CONFIG_NETWORK_SECMARK

INSTALL

@@ -19,6 +19,9 @@ Prerequirements
 	  - or the xtables-combined tarball that is currently distributed
 
 	* kernel-source >= 2.6.18.5 with prepared build/output directory
+	  - CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
+	  - CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
+	    enabled =y or as module (=m)
 
 
 Selecting extensions

extensions/compat_skbuff.h

@@ -10,6 +10,12 @@ struct udphdr;
 #	define skb_nfmark(skb) (((struct sk_buff *)(skb))->mark)
 #endif
 
+#ifdef CONFIG_NETWORK_SECMARK
+#	define skb_secmark(skb) ((skb)->secmark)
+#else
+#	define skb_secmark(skb) 0
+#endif
+
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 21)
 #	define ip_hdr(skb) ((skb)->nh.iph)
 #	define ip_hdrlen(skb) (ip_hdr(skb)->ihl * 4)

extensions/compat_xtables.h

@@ -10,13 +10,13 @@
 #endif
 
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-#	if !defined(CONFIG_NF_CONNTRACK_MARK) || !defined(CONFIG_NF_CONNTRACK_SECMARK)
-#		warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK or CONFIG_NF_CONNTRACK_SECMARK are not (please enable).
+#	if !defined(CONFIG_NF_CONNTRACK_MARK)
+#		warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK is not (please enable).
 #	endif
 #	include <net/netfilter/nf_conntrack.h>
 #elif defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
-#	if !defined(CONFIG_IP_NF_CONNTRACK_MARK) || !defined(CONFIG_IP_NF_CONNTRACK_SECMARK)
-#		warning You have CONFIG_IP_NF_CONNTRACK enabled, but CONFIG_IP_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_SECMARK are not (please enable).
+#	if !defined(CONFIG_IP_NF_CONNTRACK_MARK)
+#		warning You have CONFIG_IP_NF_CONNTRACK enabled, but CONFIG_IP_NF_CONNTRACK_MARK is not (please enable).
 #	endif
 #	include <linux/netfilter_ipv4/ip_conntrack.h>
 #	define nf_conn ip_conntrack

extensions/xt_LOGMARK.c

@@ -42,7 +42,7 @@ logmark_tg(struct sk_buff *skb, const struct net_device *in,
 	printk("<%u>%.*s""hook=%s nfmark=0x%x secmark=0x%x classify=0x%x",
 	       info->level, (unsigned int)sizeof(info->prefix), info->prefix,
 	       hook_names[hooknum],
-	       skb_nfmark(skb), skb->secmark, skb->priority);
+	       skb_nfmark(skb), skb_secmark(skb), skb->priority);
 
 	ct = nf_ct_get(skb, &ctinfo);
 	printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]);