
[nf-next,2/3] netfilter: add struct nf_nat_hook and use it

Message ID 20180514170928.1990-2-pablo@netfilter.org
State Changes Requested
Delegated to: Pablo Neira
Series [nf-next,1/3] netfilter: add struct nf_ct_hook and use it | expand

Commit Message

Pablo Neira Ayuso May 14, 2018, 5:09 p.m. UTC
Move the decode_session() and parse_nat_setup_hook() indirections into
struct nf_nat_hook.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter.h            | 22 ----------------------
 include/net/netfilter/nf_nat_core.h  | 27 +++++++++++++++++++++++----
 net/netfilter/core.c                 |  8 +++-----
 net/netfilter/nf_conntrack_core.c    |  5 -----
 net/netfilter/nf_conntrack_netlink.c | 10 +++++-----
 net/netfilter/nf_nat_core.c          | 23 ++++++++++++-----------
 net/xfrm/xfrm_policy.c               |  2 +-
 7 files changed, 44 insertions(+), 53 deletions(-)

Comments

kernel test robot May 14, 2018, 9:48 p.m. UTC | #1
Hi Pablo,

I love your patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: arm-multi_v5_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=arm 

All errors (new ones prefixed by >>):

   In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
                    from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
                    from include/net/netfilter/nf_conntrack.h:25,
                    from include/net/netfilter/nf_nat_core.h:5,
                    from net/xfrm/xfrm_policy.c:35:
   include/linux/netfilter/x_tables.h: In function 'xt_net':
>> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to incomplete type 'const struct nf_hook_state'
     return par->state->net;
                      ^~
   In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
                    from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
                    from include/net/netfilter/nf_conntrack.h:25,
                    from include/net/netfilter/nf_nat_core.h:5,
                    from net/xfrm/xfrm_policy.c:35:
   include/linux/netfilter/x_tables.h: At top level:
>> include/linux/netfilter/x_tables.h:450:64: error: unknown type name 'nf_hookfn'
    struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *);
                                                                   ^~~~~~~~~
   In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0,
                    from include/net/netfilter/nf_conntrack.h:25,
                    from include/net/netfilter/nf_nat_core.h:5,
                    from net/xfrm/xfrm_policy.c:35:
   include/net/netfilter/nf_conntrack_tuple.h: In function '__nf_ct_tuple_src_equal':
>> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'? [-Werror=implicit-function-declaration]
     return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
             ^~~~~~~~~~~~~~~~
             inet_addr_type
   In file included from include/net/netfilter/nf_nat_core.h:5:0,
                    from net/xfrm/xfrm_policy.c:35:
   include/net/netfilter/nf_conntrack.h: At top level:
>> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type
     struct nf_conntrack ct_general;
                         ^~~~~~~~~~
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
>> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct'
     *ctinfo = skb->_nfct & NFCT_INFOMASK;
                  ^~
   include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct'
     return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
                                  ^~
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of function 'nf_conntrack_put'; did you mean 'nf_ct_put'? [-Werror=implicit-function-declaration]
     nf_conntrack_put(&ct->ct_general);
     ^~~~~~~~~~~~~~~~
     nf_ct_put
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
>> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no member named '_nfct'
     skb->_nfct = (unsigned long)ct | info;
        ^~
   cc1: some warnings being treated as errors

vim +148 include/net/netfilter/nf_conntrack.h

f8eb24a89 Patrick McHardy        2006-11-29   49  
ea781f197 Eric Dumazet           2009-03-25   50  struct nf_conn {
f330a7fdb Florian Westphal       2016-08-25   51  	/* Usage count in here is 1 for hash table, 1 per skb,
b476b72a0 Jesper Dangaard Brouer 2014-03-03   52  	 * plus 1 for any connection(s) we are `master' for
b476b72a0 Jesper Dangaard Brouer 2014-03-03   53  	 *
a9e419dc7 Florian Westphal       2017-01-23   54  	 * Hint, SKB address this struct and refcnt via skb->_nfct and
b476b72a0 Jesper Dangaard Brouer 2014-03-03   55  	 * helpers nf_conntrack_get() and nf_conntrack_put().
b476b72a0 Jesper Dangaard Brouer 2014-03-03   56  	 * Helper nf_ct_put() equals nf_conntrack_put() by dec refcnt,
b476b72a0 Jesper Dangaard Brouer 2014-03-03   57  	 * beware nf_ct_get() is different and don't inc refcnt.
b476b72a0 Jesper Dangaard Brouer 2014-03-03   58  	 */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  @59  	struct nf_conntrack ct_general;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   60  
440f0d588 Patrick McHardy        2009-06-10   61  	spinlock_t	lock;
b7779d06f Jesper Dangaard Brouer 2014-03-03   62  	u16		cpu;
440f0d588 Patrick McHardy        2009-06-10   63  
6c8dee984 Florian Westphal       2016-06-11   64  #ifdef CONFIG_NF_CONNTRACK_ZONES
6c8dee984 Florian Westphal       2016-06-11   65  	struct nf_conntrack_zone zone;
6c8dee984 Florian Westphal       2016-06-11   66  #endif
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   67  	/* XXX should I move this to the tail ? - Y.K */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   68  	/* These are my tuples; original and reply */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   69  	struct nf_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   70  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   71  	/* Have we seen traffic both ways yet? (bitset) */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   72  	unsigned long status;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   73  
f330a7fdb Florian Westphal       2016-08-25   74  	/* jiffies32 when this ct is considered dead */
f330a7fdb Florian Westphal       2016-08-25   75  	u32 timeout;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   76  
0c5c9fb55 Eric W. Biederman      2015-03-11   77  	possible_net_t ct_net;
0c5c9fb55 Eric W. Biederman      2015-03-11   78  
5173bc679 Florian Westphal       2016-11-23   79  #if IS_ENABLED(CONFIG_NF_NAT)
e1bf16877 Florian Westphal       2017-09-06   80  	struct hlist_node	nat_bysource;
5173bc679 Florian Westphal       2016-11-23   81  #endif
c41884ce0 Florian Westphal       2014-11-24   82  	/* all members below initialized via memset */
c41884ce0 Florian Westphal       2014-11-24   83  	u8 __nfct_init_offset[0];
c41884ce0 Florian Westphal       2014-11-24   84  
c41884ce0 Florian Westphal       2014-11-24   85  	/* If we were expected by an expectation, this will be it */
c41884ce0 Florian Westphal       2014-11-24   86  	struct nf_conn *master;
c41884ce0 Florian Westphal       2014-11-24   87  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   88  #if defined(CONFIG_NF_CONNTRACK_MARK)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   89  	u_int32_t mark;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   90  #endif
9fb9cbb10 Yasuyuki Kozakai       2005-11-09   91  
7c9728c39 James Morris           2006-06-09   92  #ifdef CONFIG_NF_CONNTRACK_SECMARK
7c9728c39 James Morris           2006-06-09   93  	u_int32_t secmark;
7c9728c39 James Morris           2006-06-09   94  #endif
7c9728c39 James Morris           2006-06-09   95  
ecfab2c9f Yasuyuki Kozakai       2007-07-07   96  	/* Extensions */
ecfab2c9f Yasuyuki Kozakai       2007-07-07   97  	struct nf_ct_ext *ext;
e5fc9e7a6 Changli Gao            2010-11-12   98  
e5fc9e7a6 Changli Gao            2010-11-12   99  	/* Storage reserved for other modules, must be the last member */
e5fc9e7a6 Changli Gao            2010-11-12  100  	union nf_conntrack_proto proto;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  101  };
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  102  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  103  static inline struct nf_conn *
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  104  nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  105  {
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  106  	return container_of(hash, struct nf_conn,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  107  			    tuplehash[hash->tuple.dst.dir]);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  108  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  109  
5e8fbe2ac Patrick McHardy        2008-04-14  110  static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
5e8fbe2ac Patrick McHardy        2008-04-14  111  {
5e8fbe2ac Patrick McHardy        2008-04-14  112  	return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
5e8fbe2ac Patrick McHardy        2008-04-14  113  }
5e8fbe2ac Patrick McHardy        2008-04-14  114  
5e8fbe2ac Patrick McHardy        2008-04-14  115  static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
5e8fbe2ac Patrick McHardy        2008-04-14  116  {
5e8fbe2ac Patrick McHardy        2008-04-14  117  	return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
5e8fbe2ac Patrick McHardy        2008-04-14  118  }
5e8fbe2ac Patrick McHardy        2008-04-14  119  
f2f3e38c6 Pablo Neira Ayuso      2009-06-02  120  #define nf_ct_tuple(ct, dir) (&(ct)->tuplehash[dir].tuple)
f2f3e38c6 Pablo Neira Ayuso      2009-06-02  121  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  122  /* get master conntrack via master expectation */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  123  #define master_ct(conntr) (conntr->master)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  124  
5a1fb391d Alexey Dobriyan        2008-10-08  125  extern struct net init_net;
5a1fb391d Alexey Dobriyan        2008-10-08  126  
5a1fb391d Alexey Dobriyan        2008-10-08  127  static inline struct net *nf_ct_net(const struct nf_conn *ct)
5a1fb391d Alexey Dobriyan        2008-10-08  128  {
c2d9ba9bc Eric Dumazet           2010-06-01  129  	return read_pnet(&ct->ct_net);
5a1fb391d Alexey Dobriyan        2008-10-08  130  }
5a1fb391d Alexey Dobriyan        2008-10-08  131  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  132  /* Alter reply tuple (maybe alter helper). */
4e77be463 Joe Perches            2013-09-23  133  void nf_conntrack_alter_reply(struct nf_conn *ct,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  134  			      const struct nf_conntrack_tuple *newreply);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  135  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  136  /* Is this tuple taken? (ignoring any belonging to the given
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  137     conntrack). */
4e77be463 Joe Perches            2013-09-23  138  int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  139  			     const struct nf_conn *ignored_conntrack);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  140  
303223092 Florian Westphal       2017-01-23  141  #define NFCT_INFOMASK	7UL
a9e419dc7 Florian Westphal       2017-01-23  142  #define NFCT_PTRMASK	~(NFCT_INFOMASK)
303223092 Florian Westphal       2017-01-23  143  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  144  /* Return conntrack_info and tuple hash for given skb. */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  145  static inline struct nf_conn *
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  146  nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  147  {
a9e419dc7 Florian Westphal       2017-01-23 @148  	*ctinfo = skb->_nfct & NFCT_INFOMASK;
a9e419dc7 Florian Westphal       2017-01-23  149  
a9e419dc7 Florian Westphal       2017-01-23 @150  	return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  151  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  152  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  153  /* decrement reference count on a conntrack */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  154  static inline void nf_ct_put(struct nf_conn *ct)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  155  {
44d6e2f27 Varsha Rao             2017-08-30  156  	WARN_ON(!ct);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09 @157  	nf_conntrack_put(&ct->ct_general);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  158  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  159  
b9f78f9fc Pablo Neira Ayuso      2006-03-22  160  /* Protocol module loading */
4e77be463 Joe Perches            2013-09-23  161  int nf_ct_l3proto_try_module_get(unsigned short l3proto);
4e77be463 Joe Perches            2013-09-23  162  void nf_ct_l3proto_module_put(unsigned short l3proto);
b9f78f9fc Pablo Neira Ayuso      2006-03-22  163  
ecb2421b5 Florian Westphal       2016-11-15  164  /* load module; enable/disable conntrack in this namespace */
ecb2421b5 Florian Westphal       2016-11-15  165  int nf_ct_netns_get(struct net *net, u8 nfproto);
ecb2421b5 Florian Westphal       2016-11-15  166  void nf_ct_netns_put(struct net *net, u8 nfproto);
ecb2421b5 Florian Westphal       2016-11-15  167  
ea781f197 Eric Dumazet           2009-03-25  168  /*
ea781f197 Eric Dumazet           2009-03-25  169   * Allocate a hashtable of hlist_head (if nulls == 0),
ea781f197 Eric Dumazet           2009-03-25  170   * or hlist_nulls_head (if nulls == 1)
ea781f197 Eric Dumazet           2009-03-25  171   */
4e77be463 Joe Perches            2013-09-23  172  void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls);
ea781f197 Eric Dumazet           2009-03-25  173  
4e77be463 Joe Perches            2013-09-23  174  void nf_ct_free_hashtable(void *hash, unsigned int size);
ac565e5fc Patrick McHardy        2007-07-07  175  
4e77be463 Joe Perches            2013-09-23  176  int nf_conntrack_hash_check_insert(struct nf_conn *ct);
02982c27b Florian Westphal       2013-07-29  177  bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);
c1d10adb4 Pablo Neira Ayuso      2006-01-05  178  
4e77be463 Joe Perches            2013-09-23  179  bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff,
a31f1adc0 Eric W. Biederman      2015-09-18  180  		       u_int16_t l3num, struct net *net,
a31f1adc0 Eric W. Biederman      2015-09-18  181  		       struct nf_conntrack_tuple *tuple);
4e77be463 Joe Perches            2013-09-23  182  bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  183  			  const struct nf_conntrack_tuple *orig);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  184  
4e77be463 Joe Perches            2013-09-23  185  void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  186  			  const struct sk_buff *skb,
4e77be463 Joe Perches            2013-09-23  187  			  unsigned long extra_jiffies, int do_acct);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  188  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  189  /* Refresh conntrack for this many jiffies and do accounting */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  190  static inline void nf_ct_refresh_acct(struct nf_conn *ct,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  191  				      enum ip_conntrack_info ctinfo,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  192  				      const struct sk_buff *skb,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  193  				      unsigned long extra_jiffies)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  194  {
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  195  	__nf_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  196  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  197  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  198  /* Refresh conntrack for this many jiffies */
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  199  static inline void nf_ct_refresh(struct nf_conn *ct,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  200  				 const struct sk_buff *skb,
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  201  				 unsigned long extra_jiffies)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  202  {
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  203  	__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  204  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  205  
718d4ad98 Fabian Hugelshofer     2008-06-09  206  /* kill conntrack and do accounting */
ad66713f5 Florian Westphal       2016-08-25  207  bool nf_ct_kill_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
ad66713f5 Florian Westphal       2016-08-25  208  		     const struct sk_buff *skb);
718d4ad98 Fabian Hugelshofer     2008-06-09  209  
718d4ad98 Fabian Hugelshofer     2008-06-09  210  /* kill conntrack without accounting */
4c8894980 David S. Miller        2008-07-14  211  static inline bool nf_ct_kill(struct nf_conn *ct)
718d4ad98 Fabian Hugelshofer     2008-06-09  212  {
ad66713f5 Florian Westphal       2016-08-25  213  	return nf_ct_delete(ct, 0, 0);
718d4ad98 Fabian Hugelshofer     2008-06-09  214  }
51091764f Patrick McHardy        2008-06-09  215  
84657984c Florian Westphal       2017-07-26  216  /* Set all unconfirmed conntrack as dying */
84657984c Florian Westphal       2017-07-26  217  void nf_ct_unconfirmed_destroy(struct net *);
84657984c Florian Westphal       2017-07-26  218  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  219  /* Iterate over all conntracks: if iter returns true, it's deleted. */
9fd6452d6 Florian Westphal       2017-05-21  220  void nf_ct_iterate_cleanup_net(struct net *net,
c655bc689 Florian Westphal       2013-07-29  221  			       int (*iter)(struct nf_conn *i, void *data),
c655bc689 Florian Westphal       2013-07-29  222  			       void *data, u32 portid, int report);
308ac9143 Daniel Borkmann        2015-08-08  223  
2843fb699 Florian Westphal       2017-05-21  224  /* also set unconfirmed conntracks as dying. Only use in module exit path. */
2843fb699 Florian Westphal       2017-05-21  225  void nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data),
2843fb699 Florian Westphal       2017-05-21  226  			   void *data);
2843fb699 Florian Westphal       2017-05-21  227  
308ac9143 Daniel Borkmann        2015-08-08  228  struct nf_conntrack_zone;
308ac9143 Daniel Borkmann        2015-08-08  229  
4e77be463 Joe Perches            2013-09-23  230  void nf_conntrack_free(struct nf_conn *ct);
308ac9143 Daniel Borkmann        2015-08-08  231  struct nf_conn *nf_conntrack_alloc(struct net *net,
308ac9143 Daniel Borkmann        2015-08-08  232  				   const struct nf_conntrack_zone *zone,
5a1fb391d Alexey Dobriyan        2008-10-08  233  				   const struct nf_conntrack_tuple *orig,
b891c5a83 Pablo Neira Ayuso      2008-07-08  234  				   const struct nf_conntrack_tuple *repl,
b891c5a83 Pablo Neira Ayuso      2008-07-08  235  				   gfp_t gfp);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  236  
b2a15a604 Patrick McHardy        2010-02-03  237  static inline int nf_ct_is_template(const struct nf_conn *ct)
b2a15a604 Patrick McHardy        2010-02-03  238  {
b2a15a604 Patrick McHardy        2010-02-03  239  	return test_bit(IPS_TEMPLATE_BIT, &ct->status);
b2a15a604 Patrick McHardy        2010-02-03  240  }
b2a15a604 Patrick McHardy        2010-02-03  241  
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  242  /* It's confirmed if it is, or has been in the hash table. */
d51ed8367 Florian Westphal       2016-07-08  243  static inline int nf_ct_is_confirmed(const struct nf_conn *ct)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  244  {
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  245  	return test_bit(IPS_CONFIRMED_BIT, &ct->status);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  246  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  247  
d51ed8367 Florian Westphal       2016-07-08  248  static inline int nf_ct_is_dying(const struct nf_conn *ct)
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  249  {
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  250  	return test_bit(IPS_DYING_BIT, &ct->status);
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  251  }
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  252  
42c1edd34 Julian Anastasov       2011-06-16  253  /* Packet is received from loopback */
42c1edd34 Julian Anastasov       2011-06-16  254  static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
42c1edd34 Julian Anastasov       2011-06-16  255  {
42c1edd34 Julian Anastasov       2011-06-16  256  	return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;
42c1edd34 Julian Anastasov       2011-06-16  257  }
42c1edd34 Julian Anastasov       2011-06-16  258  
f330a7fdb Florian Westphal       2016-08-25  259  #define nfct_time_stamp ((u32)(jiffies))
f330a7fdb Florian Westphal       2016-08-25  260  
c8607e020 Florian Westphal       2016-07-06  261  /* jiffies until ct expires, 0 if already expired */
c8607e020 Florian Westphal       2016-07-06  262  static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
c8607e020 Florian Westphal       2016-07-06  263  {
f330a7fdb Florian Westphal       2016-08-25  264  	s32 timeout = ct->timeout - nfct_time_stamp;
c8607e020 Florian Westphal       2016-07-06  265  
c8607e020 Florian Westphal       2016-07-06  266  	return timeout > 0 ? timeout : 0;
c8607e020 Florian Westphal       2016-07-06  267  }
c8607e020 Florian Westphal       2016-07-06  268  
f330a7fdb Florian Westphal       2016-08-25  269  static inline bool nf_ct_is_expired(const struct nf_conn *ct)
f330a7fdb Florian Westphal       2016-08-25  270  {
f330a7fdb Florian Westphal       2016-08-25  271  	return (__s32)(ct->timeout - nfct_time_stamp) <= 0;
f330a7fdb Florian Westphal       2016-08-25  272  }
f330a7fdb Florian Westphal       2016-08-25  273  
f330a7fdb Florian Westphal       2016-08-25  274  /* use after obtaining a reference count */
f330a7fdb Florian Westphal       2016-08-25  275  static inline bool nf_ct_should_gc(const struct nf_conn *ct)
f330a7fdb Florian Westphal       2016-08-25  276  {
f330a7fdb Florian Westphal       2016-08-25  277  	return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) &&
f330a7fdb Florian Westphal       2016-08-25  278  	       !nf_ct_is_dying(ct);
f330a7fdb Florian Westphal       2016-08-25  279  }
f330a7fdb Florian Westphal       2016-08-25  280  
34641c6d0 Paul Gortmaker         2011-08-29  281  struct kernel_param;
34641c6d0 Paul Gortmaker         2011-08-29  282  
e4dca7b7a Kees Cook              2017-10-17  283  int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp);
3183ab899 Florian Westphal       2016-06-22  284  int nf_conntrack_hash_resize(unsigned int hashsize);
92e47ba88 Liping Zhang           2016-08-13  285  
92e47ba88 Liping Zhang           2016-08-13  286  extern struct hlist_nulls_head *nf_conntrack_hash;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  287  extern unsigned int nf_conntrack_htable_size;
92e47ba88 Liping Zhang           2016-08-13  288  extern seqcount_t nf_conntrack_generation;
e478075c6 Hagen Paul Pfeifer     2009-02-20  289  extern unsigned int nf_conntrack_max;
9fb9cbb10 Yasuyuki Kozakai       2005-11-09  290  
92e47ba88 Liping Zhang           2016-08-13  291  /* must be called with rcu read lock held */
92e47ba88 Liping Zhang           2016-08-13  292  static inline void
92e47ba88 Liping Zhang           2016-08-13  293  nf_conntrack_get_ht(struct hlist_nulls_head **hash, unsigned int *hsize)
92e47ba88 Liping Zhang           2016-08-13  294  {
92e47ba88 Liping Zhang           2016-08-13  295  	struct hlist_nulls_head *hptr;
92e47ba88 Liping Zhang           2016-08-13  296  	unsigned int sequence, hsz;
92e47ba88 Liping Zhang           2016-08-13  297  
92e47ba88 Liping Zhang           2016-08-13  298  	do {
92e47ba88 Liping Zhang           2016-08-13  299  		sequence = read_seqcount_begin(&nf_conntrack_generation);
92e47ba88 Liping Zhang           2016-08-13  300  		hsz = nf_conntrack_htable_size;
92e47ba88 Liping Zhang           2016-08-13  301  		hptr = nf_conntrack_hash;
92e47ba88 Liping Zhang           2016-08-13  302  	} while (read_seqcount_retry(&nf_conntrack_generation, sequence));
92e47ba88 Liping Zhang           2016-08-13  303  
92e47ba88 Liping Zhang           2016-08-13  304  	*hash = hptr;
92e47ba88 Liping Zhang           2016-08-13  305  	*hsize = hsz;
92e47ba88 Liping Zhang           2016-08-13  306  }
92e47ba88 Liping Zhang           2016-08-13  307  
308ac9143 Daniel Borkmann        2015-08-08  308  struct nf_conn *nf_ct_tmpl_alloc(struct net *net,
308ac9143 Daniel Borkmann        2015-08-08  309  				 const struct nf_conntrack_zone *zone,
308ac9143 Daniel Borkmann        2015-08-08  310  				 gfp_t flags);
9cf94eab8 Daniel Borkmann        2015-08-31  311  void nf_ct_tmpl_free(struct nf_conn *tmpl);
e53376bef Pablo Neira Ayuso      2014-02-03  312  
c74454fad Florian Westphal       2017-01-23  313  static inline void
c74454fad Florian Westphal       2017-01-23  314  nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
c74454fad Florian Westphal       2017-01-23  315  {
a9e419dc7 Florian Westphal       2017-01-23 @316  	skb->_nfct = (unsigned long)ct | info;
c74454fad Florian Westphal       2017-01-23  317  }
c74454fad Florian Westphal       2017-01-23  318  

:::::: The code at line 148 was first introduced by commit
:::::: a9e419dc7be6997409dca6d1b9daf3cc7046902f netfilter: merge ctinfo into nfct pointer storage area

:::::: TO: Florian Westphal <fw@strlen.de>
:::::: CC: Pablo Neira Ayuso <pablo@netfilter.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
kernel test robot May 14, 2018, 11:05 p.m. UTC | #2
Hi Pablo,

I love your patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-u0-05141234 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   In file included from include/net/netfilter/nf_nat_core.h:5:0,
                    from net//xfrm/xfrm_policy.c:35:
   include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type
     struct nf_conntrack ct_general;
                         ^
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
   include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct'
     *ctinfo = skb->_nfct & NFCT_INFOMASK;
                  ^
   include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct'
     return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
                                  ^
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of function 'nf_conntrack_put' [-Werror=implicit-function-declaration]
     nf_conntrack_put(&ct->ct_general);
     ^
   include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
   include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no member named '_nfct'
     skb->_nfct = (unsigned long)ct | info;
        ^
   cc1: some warnings being treated as errors

vim +/nf_conntrack_put +157 include/net/netfilter/nf_conntrack.h

303223092 Florian Westphal 2017-01-23  143  
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  144  /* Return conntrack_info and tuple hash for given skb. */
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  145  static inline struct nf_conn *
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  146  nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  147  {
a9e419dc7 Florian Westphal 2017-01-23 @148  	*ctinfo = skb->_nfct & NFCT_INFOMASK;
a9e419dc7 Florian Westphal 2017-01-23  149  
a9e419dc7 Florian Westphal 2017-01-23  150  	return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  151  }
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  152  
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  153  /* decrement reference count on a conntrack */
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  154  static inline void nf_ct_put(struct nf_conn *ct)
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  155  {
44d6e2f27 Varsha Rao       2017-08-30  156  	WARN_ON(!ct);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 @157  	nf_conntrack_put(&ct->ct_general);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  158  }
9fb9cbb10 Yasuyuki Kozakai 2005-11-09  159  

:::::: The code at line 157 was first introduced by commit
:::::: 9fb9cbb1082d6b31fb45aa1a14432449a0df6cf1 [NETFILTER]: Add nf_conntrack subsystem.

:::::: TO: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
kernel test robot May 14, 2018, 11:15 p.m. UTC | #3
Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
        # apt-get install sparse
        make ARCH=x86_64 allmodconfig
        make C=1 CF=-D__CHECK_ENDIAN__


sparse warnings: (new ones prefixed by >>)

   net/netfilter/nf_nat_core.c:599:25: sparse: incompatible types in comparison expression (different address spaces)
   net/netfilter/nf_nat_core.c:837:9: sparse: incompatible types in comparison expression (different address spaces)
   net/netfilter/nf_nat_core.c:851:9: sparse: incompatible types in comparison expression (different address spaces)
>> net/netfilter/nf_nat_core.c:836:9: sparse: dereference of noderef expression
--
>> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in argument 1 (different address spaces) @@    expected void const volatile *p @@    got struct nf_nat_hoovoid const volatile *p @@
   net/netfilter/nf_conntrack_netlink.c:1437:20:    expected void const volatile *p
   net/netfilter/nf_conntrack_netlink.c:1437:20:    got struct nf_nat_hook *[noderef] <asn:4>*<noident>
>> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in argument 1 (different address spaces) @@    expected void const volatile *p @@    got struct nf_nat_hoovoid const volatile *p @@
   net/netfilter/nf_conntrack_netlink.c:1437:20:    expected void const volatile *p
   net/netfilter/nf_conntrack_netlink.c:1437:20:    got struct nf_nat_hook *[noderef] <asn:4>*<noident>
   net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incompatible types in comparison expression (different address spaces)
   net/netfilter/nf_conntrack_netlink.c:1589:34: sparse: incompatible types in comparison expression (different address spaces)
   net/netfilter/nf_conntrack_netlink.c:3014:29: sparse: incorrect type in argument 1 (different address spaces) @@    expected char const *<noident> @@    got char [noderchar const *<noident> @@
   net/netfilter/nf_conntrack_netlink.c:3014:29:    expected char const *<noident>
   net/netfilter/nf_conntrack_netlink.c:3014:29:    got char [noderef] <asn:4>*<noident>
   net/netfilter/nf_conntrack_netlink.c:868:36: sparse: context imbalance in 'ctnetlink_dump_table' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'ctnetlink_parse_nat_setup' - unexpected unlock

vim +836 net/netfilter/nf_nat_core.c

   810	
   811	static int __init nf_nat_init(void)
   812	{
   813		int ret, i;
   814	
   815		/* Leave them the same for the moment. */
   816		nf_nat_htable_size = nf_conntrack_htable_size;
   817		if (nf_nat_htable_size < CONNTRACK_LOCKS)
   818			nf_nat_htable_size = CONNTRACK_LOCKS;
   819	
   820		nf_nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, 0);
   821		if (!nf_nat_bysource)
   822			return -ENOMEM;
   823	
   824		ret = nf_ct_extend_register(&nat_extend);
   825		if (ret < 0) {
   826			nf_ct_free_hashtable(nf_nat_bysource, nf_nat_htable_size);
   827			pr_err("Unable to register extension\n");
   828			return ret;
   829		}
   830	
   831		for (i = 0; i < CONNTRACK_LOCKS; i++)
   832			spin_lock_init(&nf_nat_locks[i]);
   833	
   834		nf_ct_helper_expectfn_register(&follow_master_nat);
   835	
 > 836		WARN_ON(nf_nat_hook != NULL);
   837		RCU_INIT_POINTER(nf_nat_hook, &nat_hook);
   838	
   839		return 0;
   840	}
   841	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
kernel test robot May 15, 2018, 12:04 a.m. UTC | #4
Hi Pablo,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf-next/master]

url:    https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
        # apt-get install sparse
        make ARCH=x86_64 allmodconfig
        make C=1 CF=-D__CHECK_ENDIAN__


sparse warnings: (new ones prefixed by >>)

   net/xfrm/xfrm_policy.c:592:22: sparse: incorrect type in assignment (different address spaces) @@    expected struct hlist_head *odst @@    got struct hlist_headstruct hlist_head *odst @@
   net/xfrm/xfrm_policy.c:592:22:    expected struct hlist_head *odst
   net/xfrm/xfrm_policy.c:592:22:    got struct hlist_head [noderef] <asn:4>*table
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in argument 1 (different address spaces) @@    expected void const volatile *p @@    got struct nf_nat_hoovoid const volatile *p @@
   include/net/netfilter/nf_nat_core.h:44:20:    expected void const volatile *p
   include/net/netfilter/nf_nat_core.h:44:20:    got struct nf_nat_hook *[noderef] <asn:4>*<noident>
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in argument 1 (different address spaces) @@    expected void const volatile *p @@    got struct nf_nat_hoovoid const volatile *p @@
   include/net/netfilter/nf_nat_core.h:44:20:    expected void const volatile *p
   include/net/netfilter/nf_nat_core.h:44:20:    got struct nf_nat_hook *[noderef] <asn:4>*<noident>
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incompatible types in comparison expression (different address spaces)
   net/xfrm/xfrm_policy.c:2808:43: sparse: incompatible types in comparison expression (different address spaces)
   net/xfrm/xfrm_policy.c:2879:29: sparse: incorrect type in assignment (different address spaces) @@    expected struct hlist_head [noderef] <asn:4>*table @@    got  [noderef] <asn:4>*table @@
   net/xfrm/xfrm_policy.c:2879:29:    expected struct hlist_head [noderef] <asn:4>*table
   net/xfrm/xfrm_policy.c:2879:29:    got struct hlist_head *
   net/xfrm/xfrm_policy.c:2905:36: sparse: incorrect type in argument 1 (different address spaces) @@    expected struct hlist_head *n @@    got struct hlist_headstruct hlist_head *n @@
   net/xfrm/xfrm_policy.c:2905:36:    expected struct hlist_head *n
   net/xfrm/xfrm_policy.c:2905:36:    got struct hlist_head [noderef] <asn:4>*table
   net/xfrm/xfrm_policy.c:2932:17: sparse: incorrect type in argument 1 (different address spaces) @@    expected struct hlist_head const *h @@    got struct hlisstruct hlist_head const *h @@
   net/xfrm/xfrm_policy.c:2932:17:    expected struct hlist_head const *h
   net/xfrm/xfrm_policy.c:2932:17:    got struct hlist_head [noderef] <asn:4>*table
   net/xfrm/xfrm_policy.c:2933:36: sparse: incorrect type in argument 1 (different address spaces) @@    expected struct hlist_head *n @@    got struct hlist_headstruct hlist_head *n @@
   net/xfrm/xfrm_policy.c:2933:36:    expected struct hlist_head *n
   net/xfrm/xfrm_policy.c:2933:36:    got struct hlist_head [noderef] <asn:4>*table
   net/xfrm/xfrm_policy.c:109:40: sparse: context imbalance in 'xfrm_policy_get_afinfo' - different lock contexts for basic block
   include/linux/rcupdate.h:686:9: sparse: context imbalance in '__xfrm_dst_lookup' - unexpected unlock
   net/xfrm/xfrm_policy.c:900:25: sparse: dereference of noderef expression
   net/xfrm/xfrm_policy.c:958:25: sparse: dereference of noderef expression
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_get_saddr' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_get_tos' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_bundle_create' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_create_dummy_bundle' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in 'make_blackhole' - unexpected unlock
   include/linux/rcupdate.h:686:9: sparse: context imbalance in '__xfrm_decode_session' - unexpected unlock

vim +44 include/net/netfilter/nf_nat_core.h

    36	
    37	static inline void
    38	nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
    39	{
    40	#ifdef CONFIG_NF_NAT_NEEDED
    41		struct nf_nat_hook *nat_hook;
    42	
    43		rcu_read_lock();
  > 44		nat_hook = rcu_dereference(nf_nat_hook);
    45		if (nat_hook->decode_session)
    46			nat_hook->decode_session(skb, fl);
    47		rcu_read_unlock();
    48	#endif
    49	}
    50	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Patch

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index a504924c2706..b57cdbc75e81 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -320,23 +320,6 @@  int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl,
 	     bool strict, unsigned short family);
 int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry);
 
-#include <net/flow.h>
-extern void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *);
-
-static inline void
-nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
-{
-#ifdef CONFIG_NF_NAT_NEEDED
-	void (*decodefn)(struct sk_buff *, struct flowi *);
-
-	rcu_read_lock();
-	decodefn = rcu_dereference(nf_nat_decode_session_hook);
-	if (decodefn)
-		decodefn(skb, fl);
-	rcu_read_unlock();
-#endif
-}
-
 #else /* !CONFIG_NETFILTER */
 static inline int
 NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
@@ -362,11 +345,6 @@  static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,
 {
 	return 1;
 }
-struct flowi;
-static inline void
-nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
-{
-}
 #endif /*CONFIG_NETFILTER*/
 
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h
index 235bd0e9a5aa..81c381d28cc7 100644
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -24,9 +24,28 @@  static inline int nf_nat_initialized(struct nf_conn *ct,
 
 struct nlattr;
 
-extern int
-(*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct,
-				  enum nf_nat_manip_type manip,
-				  const struct nlattr *attr);
+#include <net/flow.h>
+
+struct nf_nat_hook {
+	int (*parse_nat_setup)(struct nf_conn *ct, enum nf_nat_manip_type manip,
+			       const struct nlattr *attr);
+	void (*decode_session)(struct sk_buff *skb, struct flowi *fl);
+};
+
+extern struct nf_nat_hook *nf_nat_hook __rcu;
+
+static inline void
+nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
+{
+#ifdef CONFIG_NF_NAT_NEEDED
+	struct nf_nat_hook *nat_hook;
+
+	rcu_read_lock();
+	nat_hook = rcu_dereference(nf_nat_hook);
+	if (nat_hook->decode_session)
+		nat_hook->decode_session(skb, fl);
+	rcu_read_unlock();
+#endif
+}
 
 #endif /* _NF_NAT_CORE_H */
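Review bot: `nf_nat_decode_session()` reads `nat_hook->decode_session` without first checking `nat_hook` for NULL. `nf_nat_hook` is only set in nf_nat_init() and is reset to NULL in nf_nat_cleanup(), so `rcu_dereference(nf_nat_hook)` returns NULL whenever the NAT core is not registered. The removed version tested the function pointer itself, which made that case a no-op; here it becomes a NULL pointer dereference in every caller of this inline (xfrm_policy.c now includes this header). The test should be `if (nat_hook && nat_hook->decode_session)`.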
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index cec1c0585949..4ed5b178618a 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -546,6 +546,9 @@  EXPORT_SYMBOL(ip_ct_attach);
 struct nf_ct_hook __rcu *nf_ct_hook __read_mostly;
 EXPORT_SYMBOL_GPL(nf_ct_hook);
 
+struct nf_nat_hook *nf_nat_hook __read_mostly;
+EXPORT_SYMBOL_GPL(nf_nat_hook);
+
 void nf_ct_attach(struct sk_buff *new, const struct sk_buff *skb)
 {
 	void (*attach)(struct sk_buff *, const struct sk_buff *);
@@ -580,11 +583,6 @@  const struct nf_conntrack_zone nf_ct_zone_dflt = {
 EXPORT_SYMBOL_GPL(nf_ct_zone_dflt);
 #endif /* CONFIG_NF_CONNTRACK */
 
-#ifdef CONFIG_NF_NAT_NEEDED
-void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *);
-EXPORT_SYMBOL(nf_nat_decode_session_hook);
-#endif
-
 static void __net_init __netfilter_net_init(struct nf_hook_entries **e, int max)
 {
 	int h;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8b2a8644d955..8d109d750073 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -58,11 +58,6 @@ 
 
 #include "nf_internals.h"
 
-int (*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct,
-				      enum nf_nat_manip_type manip,
-				      const struct nlattr *attr) __read_mostly;
-EXPORT_SYMBOL_GPL(nfnetlink_parse_nat_setup_hook);
-
 __cacheline_aligned_in_smp spinlock_t nf_conntrack_locks[CONNTRACK_LOCKS];
 EXPORT_SYMBOL_GPL(nf_conntrack_locks);
 
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index d807b8770be3..39327a42879f 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1431,11 +1431,11 @@  ctnetlink_parse_nat_setup(struct nf_conn *ct,
 			  enum nf_nat_manip_type manip,
 			  const struct nlattr *attr)
 {
-	typeof(nfnetlink_parse_nat_setup_hook) parse_nat_setup;
+	struct nf_nat_hook *nat_hook;
 	int err;
 
-	parse_nat_setup = rcu_dereference(nfnetlink_parse_nat_setup_hook);
-	if (!parse_nat_setup) {
+	nat_hook = rcu_dereference(nf_nat_hook);
+	if (!nat_hook) {
 #ifdef CONFIG_MODULES
 		rcu_read_unlock();
 		nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
@@ -1446,13 +1446,13 @@  ctnetlink_parse_nat_setup(struct nf_conn *ct,
 		}
 		nfnl_lock(NFNL_SUBSYS_CTNETLINK);
 		rcu_read_lock();
-		if (nfnetlink_parse_nat_setup_hook)
+		if (nat_hook->parse_nat_setup)
 			return -EAGAIN;
 #endif
 		return -EOPNOTSUPP;
 	}
 
-	err = parse_nat_setup(ct, manip, attr);
+	err = nat_hook->parse_nat_setup(ct, manip, attr);
 	if (err == -EAGAIN) {
 #ifdef CONFIG_MODULES
 		rcu_read_unlock();
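Review bot: The re-check after the locks are re-taken, `if (nat_hook->parse_nat_setup)`, sits inside the `if (!nat_hook)` branch, so `nat_hook` is still the NULL value read before the locks were dropped and this line dereferences NULL. The removed code re-read the global at this point; the equivalent is to reload it under the re-acquired RCU read lock with `nat_hook = rcu_dereference(nf_nat_hook);` and then test `if (nat_hook) return -EAGAIN;`. Judging by its name, ctnetlink_parse_nat_setup() is driven by a ctnetlink request, so the fault would presumably occur on the first NAT setup attempt made while the hook is unregistered. The function begins in the previous hunk and continues past this one.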
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 37b3c9913b08..ae58088d00d4 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -801,6 +801,13 @@  static struct nf_ct_helper_expectfn follow_master_nat = {
 	.expectfn	= nf_nat_follow_master,
 };
 
+struct nf_nat_hook nat_hook = {
+	.parse_nat_setup	= nfnetlink_parse_nat_setup,
+#ifdef CONFIG_XFRM
+	.decode_session		= __nf_nat_decode_session,
+#endif
+};
+
 static int __init nf_nat_init(void)
 {
 	int ret, i;
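Review bot: `nat_hook` is defined with external linkage, yet in this patch it is referenced only from nf_nat_init() in the same file. A name this generic in the kernel's global namespace invites a link-time clash and lets other code reach the callback table without going through the RCU-protected `nf_nat_hook` pointer. Make it file-local: `static struct nf_nat_hook nat_hook = {`. nf_nat_init() starts in this hunk and continues in the next one.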
@@ -826,13 +833,9 @@  static int __init nf_nat_init(void)
 
 	nf_ct_helper_expectfn_register(&follow_master_nat);
 
-	BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
-	RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook,
-			   nfnetlink_parse_nat_setup);
-#ifdef CONFIG_XFRM
-	BUG_ON(nf_nat_decode_session_hook != NULL);
-	RCU_INIT_POINTER(nf_nat_decode_session_hook, __nf_nat_decode_session);
-#endif
+	WARN_ON(nf_nat_hook != NULL);
+	RCU_INIT_POINTER(nf_nat_hook, &nat_hook);
+
 	return 0;
 }
 
@@ -845,10 +848,8 @@  static void __exit nf_nat_cleanup(void)
 
 	nf_ct_extend_unregister(&nat_extend);
 	nf_ct_helper_expectfn_unregister(&follow_master_nat);
-	RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL);
-#ifdef CONFIG_XFRM
-	RCU_INIT_POINTER(nf_nat_decode_session_hook, NULL);
-#endif
+	RCU_INIT_POINTER(nf_nat_hook, NULL);
+
 	synchronize_rcu();
 
 	for (i = 0; i < NFPROTO_NUMPROTO; i++)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 40b54cc64243..4159bba695e3 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -21,7 +21,6 @@ 
 #include <linux/workqueue.h>
 #include <linux/notifier.h>
 #include <linux/netdevice.h>
-#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/cache.h>
 #include <linux/cpu.h>
@@ -33,6 +32,7 @@ 
 #ifdef CONFIG_XFRM_STATISTICS
 #include <net/snmp.h>
 #endif
+#include <net/netfilter/nf_nat_core.h>
 
 #include "xfrm_hash.h"