[07/11] UAPI: netfilter: Fix symbol collision issues [ver #2]

Message ID 153622555128.14298.11612304975343930534.stgit@warthog.procyon.org.uk
State Accepted
Delegated to: Pablo Neira
Series
  • Untitled series #64389

Commit Message

David Howells Sept. 6, 2018, 9:19 a.m.
The netfilter UAPI headers have some symbol collision issues:

 (1) "enum nfnl_acct_msg_types" is defined twice, and each definition is
     completely different.

     Fix this by renaming the one in nfnetlink_cthelper.h to be "enum
     nfnl_cthelper_types" to be consistent with the other things in that
     file.

 (2) There's a disagreement between ipt_ECN.h and ipt_ecn.h over the
     definition of various IPT_ECN_* constants, leading to an error over
     IPT_ECN_IP_MASK being substituted when being defined as an enum value
     in ipt_ecn.h if ipt_ECN.h is #included first.

     Fix this by removing the conflicting constants from ipt_ECN.h and
     including ipt_ecn.h instead.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: netfilter-devel@vger.kernel.org
cc: coreteam@netfilter.org
---

 include/uapi/linux/netfilter/nfnetlink_cthelper.h |    2 +-
 include/uapi/linux/netfilter_ipv4/ipt_ECN.h       |    9 +--------
 2 files changed, 2 insertions(+), 9 deletions(-)

Comments

kbuild test robot Sept. 10, 2018, 5:32 p.m. | #1
Hi David,

I love your patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v4.19-rc3 next-20180910]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/David-Howells/UAPI-drm-Fix-use-of-C-keywords-as-structural-members-ver-2/20180907-092121
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   net/ipv4/netfilter/ipt_ECN.c: In function 'set_ect_tcp':
>> net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared (first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'?
     if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
                               ^~~~~~~~~~~~~~~~~~
                               IPT_ECN_OP_MATCH_ECE
   net/ipv4/netfilter/ipt_ECN.c:58:28: note: each undeclared identifier is reported only once for each function it appears in
>> net/ipv4/netfilter/ipt_ECN.c:60:28: error: 'IPT_ECN_OP_SET_CWR' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
         (!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
                               ^~~~~~~~~~~~~~~~~~
                               IPT_ECN_OP_SET_ECE
   net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg':
>> net/ipv4/netfilter/ipt_ECN.c:84:25: error: 'IPT_ECN_OP_SET_IP' undeclared (first use in this function); did you mean 'IPT_ECN_OP_MATCH_IP'?
     if (einfo->operation & IPT_ECN_OP_SET_IP)
                            ^~~~~~~~~~~~~~~~~
                            IPT_ECN_OP_MATCH_IP
>> net/ipv4/netfilter/ipt_ECN.c:88:26: error: 'IPT_ECN_OP_SET_ECE' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_IP'?
     if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) &&
                             ^~~~~~~~~~~~~~~~~~
                             IPT_ECN_OP_SET_IP
   net/ipv4/netfilter/ipt_ECN.c:88:47: error: 'IPT_ECN_OP_SET_CWR' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
     if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) &&
                                                  ^~~~~~~~~~~~~~~~~~
                                                  IPT_ECN_OP_SET_ECE
   net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg_check':
>> net/ipv4/netfilter/ipt_ECN.c:101:25: error: 'IPT_ECN_OP_MASK' undeclared (first use in this function); did you mean 'IPT_ECN_IP_MASK'?
     if (einfo->operation & IPT_ECN_OP_MASK)
                            ^~~~~~~~~~~~~~~
                            IPT_ECN_IP_MASK
   net/ipv4/netfilter/ipt_ECN.c:107:27: error: 'IPT_ECN_OP_SET_ECE' undeclared (first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'?
     if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
                              ^~~~~~~~~~~~~~~~~~
                              IPT_ECN_OP_MATCH_ECE
   net/ipv4/netfilter/ipt_ECN.c:107:46: error: 'IPT_ECN_OP_SET_CWR' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
     if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
                                                 ^~~~~~~~~~~~~~~~~~
                                                 IPT_ECN_OP_SET_ECE

vim +58 net/ipv4/netfilter/ipt_ECN.c

^1da177e4 Linus Torvalds     2005-04-16   45  
e1931b784 Jan Engelhardt     2007-07-07   46  /* Return false if there was an error. */
e1931b784 Jan Engelhardt     2007-07-07   47  static inline bool
3db05fea5 Herbert Xu         2007-10-15   48  set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
^1da177e4 Linus Torvalds     2005-04-16   49  {
^1da177e4 Linus Torvalds     2005-04-16   50  	struct tcphdr _tcph, *tcph;
6a19d6147 Al Viro            2006-09-28   51  	__be16 oldval;
^1da177e4 Linus Torvalds     2005-04-16   52  
af901ca18 André Goddard Rosa 2009-11-14   53  	/* Not enough header? */
3db05fea5 Herbert Xu         2007-10-15   54  	tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
^1da177e4 Linus Torvalds     2005-04-16   55  	if (!tcph)
e1931b784 Jan Engelhardt     2007-07-07   56  		return false;
^1da177e4 Linus Torvalds     2005-04-16   57  
fd841326d Patrick McHardy    2005-08-20  @58  	if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
fd841326d Patrick McHardy    2005-08-20   59  	     tcph->ece == einfo->proto.tcp.ece) &&
7c4e36bc1 Jan Engelhardt     2007-07-07  @60  	    (!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
7c4e36bc1 Jan Engelhardt     2007-07-07   61  	     tcph->cwr == einfo->proto.tcp.cwr))
e1931b784 Jan Engelhardt     2007-07-07   62  		return true;
^1da177e4 Linus Torvalds     2005-04-16   63  
3db05fea5 Herbert Xu         2007-10-15   64  	if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
e1931b784 Jan Engelhardt     2007-07-07   65  		return false;
3db05fea5 Herbert Xu         2007-10-15   66  	tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
^1da177e4 Linus Torvalds     2005-04-16   67  
6a19d6147 Al Viro            2006-09-28   68  	oldval = ((__be16 *)tcph)[6];
^1da177e4 Linus Torvalds     2005-04-16   69  	if (einfo->operation & IPT_ECN_OP_SET_ECE)
^1da177e4 Linus Torvalds     2005-04-16   70  		tcph->ece = einfo->proto.tcp.ece;
^1da177e4 Linus Torvalds     2005-04-16   71  	if (einfo->operation & IPT_ECN_OP_SET_CWR)
^1da177e4 Linus Torvalds     2005-04-16   72  		tcph->cwr = einfo->proto.tcp.cwr;
^1da177e4 Linus Torvalds     2005-04-16   73  
be0ea7d5d Patrick McHardy    2007-11-30   74  	inet_proto_csum_replace2(&tcph->check, skb,
4b048d6d9 Tom Herbert        2015-08-17   75  				 oldval, ((__be16 *)tcph)[6], false);
e1931b784 Jan Engelhardt     2007-07-07   76  	return true;
^1da177e4 Linus Torvalds     2005-04-16   77  }
^1da177e4 Linus Torvalds     2005-04-16   78  
^1da177e4 Linus Torvalds     2005-04-16   79  static unsigned int
4b560b447 Jan Engelhardt     2009-07-05   80  ecn_tg(struct sk_buff *skb, const struct xt_action_param *par)
^1da177e4 Linus Torvalds     2005-04-16   81  {
7eb355865 Jan Engelhardt     2008-10-08   82  	const struct ipt_ECN_info *einfo = par->targinfo;
^1da177e4 Linus Torvalds     2005-04-16   83  
^1da177e4 Linus Torvalds     2005-04-16  @84  	if (einfo->operation & IPT_ECN_OP_SET_IP)
3db05fea5 Herbert Xu         2007-10-15   85  		if (!set_ect_ip(skb, einfo))
^1da177e4 Linus Torvalds     2005-04-16   86  			return NF_DROP;
^1da177e4 Linus Torvalds     2005-04-16   87  
3666ed1c4 Joe Perches        2009-11-23  @88  	if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) &&
3666ed1c4 Joe Perches        2009-11-23   89  	    ip_hdr(skb)->protocol == IPPROTO_TCP)
3db05fea5 Herbert Xu         2007-10-15   90  		if (!set_ect_tcp(skb, einfo))
^1da177e4 Linus Torvalds     2005-04-16   91  			return NF_DROP;
^1da177e4 Linus Torvalds     2005-04-16   92  
6709dbbb1 Jan Engelhardt     2007-02-07   93  	return XT_CONTINUE;
^1da177e4 Linus Torvalds     2005-04-16   94  }
^1da177e4 Linus Torvalds     2005-04-16   95  
135367b8f Jan Engelhardt     2010-03-19   96  static int ecn_tg_check(const struct xt_tgchk_param *par)
^1da177e4 Linus Torvalds     2005-04-16   97  {
af5d6dc20 Jan Engelhardt     2008-10-08   98  	const struct ipt_ECN_info *einfo = par->targinfo;
af5d6dc20 Jan Engelhardt     2008-10-08   99  	const struct ipt_entry *e = par->entryinfo;
^1da177e4 Linus Torvalds     2005-04-16  100  
0cc9501f9 Florian Westphal   2018-02-09 @101  	if (einfo->operation & IPT_ECN_OP_MASK)
d6b00a534 Jan Engelhardt     2010-03-25  102  		return -EINVAL;
0cc9501f9 Florian Westphal   2018-02-09  103  
0cc9501f9 Florian Westphal   2018-02-09  104  	if (einfo->ip_ect & ~IPT_ECN_IP_MASK)
d6b00a534 Jan Engelhardt     2010-03-25  105  		return -EINVAL;
0cc9501f9 Florian Westphal   2018-02-09  106  
3666ed1c4 Joe Perches        2009-11-23  107  	if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
3666ed1c4 Joe Perches        2009-11-23  108  	    (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
b26066447 Florian Westphal   2018-02-09  109  		pr_info_ratelimited("cannot use operation on non-tcp rule\n");
d6b00a534 Jan Engelhardt     2010-03-25  110  		return -EINVAL;
^1da177e4 Linus Torvalds     2005-04-16  111  	}
d6b00a534 Jan Engelhardt     2010-03-25  112  	return 0;
^1da177e4 Linus Torvalds     2005-04-16  113  }
^1da177e4 Linus Torvalds     2005-04-16  114  

:::::: The code at line 58 was first introduced by commit
:::::: fd841326d73096ad79be9c3fa348f9ad04541cc2 [NETFILTER]: Fix ECN target TCP marking

:::::: TO: Patrick McHardy <kaber@trash.net>
:::::: CC: David S. Miller <davem@davemloft.net>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
Pablo Neira Ayuso Sept. 28, 2018, 1:07 p.m. | #2
On Thu, Sep 06, 2018 at 10:19:11AM +0100, David Howells wrote:
> The netfilter UAPI headers have some symbol collision issues:
> 
>  (1) "enum nfnl_acct_msg_types" is defined twice, and each definition is
>      completely different.
> 
>      Fix this by renaming the one in nfnetlink_cthelper.h to be "enum
>      nfnl_cthelper_types" to be consistent with the other things in that
>      file.
> 
>  (2) There's a disagreement between ipt_ECN.h and ipt_ecn.h over the
>      definition of various IPT_ECN_* constants, leading to an error over
>      IPT_ECN_IP_MASK being substituted when being defined as an enum value
>      in ipt_ecn.h if ipt_ECN.h is #included first.
> 
>      Fix this by removing the conflicting constants from ipt_ECN.h and
>      including ipt_ecn.h instead.

David, may I upstream this or you will pass it to Greg? I can just
take this, as you prefer.

Thanks.
David Howells Oct. 9, 2018, 3:35 p.m. | #3
Pablo Neira Ayuso <pablo@netfilter.org> wrote:

> David, may I upstream this or you will pass it to Greg? I can just
> take this, as you prefer.

Feel free to take it.

David

Patch

diff --git a/include/uapi/linux/netfilter/nfnetlink_cthelper.h b/include/uapi/linux/netfilter/nfnetlink_cthelper.h
index a13137afc429..b9313ed0c313 100644
--- a/include/uapi/linux/netfilter/nfnetlink_cthelper.h
+++ b/include/uapi/linux/netfilter/nfnetlink_cthelper.h
@@ -5,7 +5,7 @@ 
 #define NFCT_HELPER_STATUS_DISABLED	0
 #define NFCT_HELPER_STATUS_ENABLED	1
 
-enum nfnl_acct_msg_types {
+enum nfnl_cthelper_types {
 	NFNL_MSG_CTHELPER_NEW,
 	NFNL_MSG_CTHELPER_GET,
 	NFNL_MSG_CTHELPER_DEL,
diff --git a/include/uapi/linux/netfilter_ipv4/ipt_ECN.h b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h
index e3630fd045b8..d582119ad62a 100644
--- a/include/uapi/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h
@@ -12,14 +12,7 @@ 
 
 #include <linux/types.h>
 #include <linux/netfilter/xt_DSCP.h>
-
-#define IPT_ECN_IP_MASK	(~XT_DSCP_MASK)
-
-#define IPT_ECN_OP_SET_IP	0x01	/* set ECN bits of IPv4 header */
-#define IPT_ECN_OP_SET_ECE	0x10	/* set ECE bit of TCP header */
-#define IPT_ECN_OP_SET_CWR	0x20	/* set CWR bit of TCP header */
-
-#define IPT_ECN_OP_MASK		0xce
+#include <linux/netfilter_ipv4/ipt_ecn.h>
 
 struct ipt_ECN_info {
 	__u8 operation;	/* bitset of operations */
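Review bot: The removal in this hunk is wider than the collision the description names: only `IPT_ECN_IP_MASK` is cited as clashing with ipt_ecn.h, yet `IPT_ECN_OP_SET_IP`, `IPT_ECN_OP_SET_ECE`, `IPT_ECN_OP_SET_CWR` and `IPT_ECN_OP_MASK` are dropped from the UAPI header too, and nothing in the hunk shows ipt_ecn.h providing them. These four are the documented bit values of `ipt_ECN_info.operation`, and `IPT_ECN_OP_MASK` (0xce) is the reserved-bit mask that rule validation applies to that userspace-supplied field, so both userspace and the target code depend on them keeping their values. A narrower change would delete only `#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)` and keep the other four defines, with the new `#include <linux/netfilter_ipv4/ipt_ecn.h>` supplying the mask. The body of `struct ipt_ECN_info` continues past the end of the hunk.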