Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm64-defconfig (attached as .config) compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm64 All errors (new ones prefixed by >>): net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update': >> net//netfilter/nf_conntrack_core.c:1652:36: error: 'struct nf_conn' has no member named 'zone' h = nf_conntrack_find_get(net, &ct->zone, &tuple); ^~ vim +1652 net//netfilter/nf_conntrack_core.c 1609 1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb, 1611 struct nf_conn *ct, 1612 enum ip_conntrack_info ctinfo) 1613 { 1614 const struct nf_conntrack_l3proto *l3proto; 1615 const struct nf_conntrack_l4proto *l4proto; 1616 struct nf_conntrack_tuple_hash *h; 1617 struct nf_conntrack_tuple tuple; 1618 struct nf_nat_hook *nat_hook; 1619 unsigned int dataoff, status; 1620 u16 l3num; 1621 u8 l4num; 1622 1623 l3num = nf_ct_l3num(ct); 1624 l3proto = nf_ct_l3proto_find_get(l3num); 1625 1626 if (l3proto->get_l4proto(skb, skb_network_offset(skb), &dataoff, 1627 &l4num) <= 0) 1628 return 0; 1629 1630 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1631 1632 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, 1633 l4num, net, &tuple, l3proto, l4proto)) 1634 return 0; 1635 1636 if (ct->status & IPS_SRC_NAT) { 1637 memcpy(tuple.src.u3.all, 1638 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all, 1639 sizeof(tuple.src.u3.all)); 1640 tuple.src.u.all = 1641 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all; 1642 } 1643 1644 if (ct->status & IPS_DST_NAT) { 1645 memcpy(tuple.dst.u3.all, 1646 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all, 1647 sizeof(tuple.src.u3.all)); 1648 tuple.dst.u.all = 1649 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all; 1650 } 1651 > 1652 h = nf_conntrack_find_get(net, &ct->zone, &tuple); 1653 if (!h) 1654 return 0; 1655 1656 /* Store status bits of the conntrack that is clashing to re-do NAT 1657 * mangling according to what it has been done already to this packet. 1658 */ 1659 status = ct->status; 1660 1661 nf_ct_put(ct); 1662 ct = nf_ct_tuplehash_to_ctrack(h); 1663 nf_ct_set(skb, ct, ctinfo); 1664 1665 nat_hook = rcu_dereference(nf_nat_hook); 1666 if (!nat_hook) 1667 return 0; 1668 1669 if (status & IPS_SRC_NAT && 1670 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC, 1671 IP_CT_DIR_ORIGINAL) == NF_DROP) 1672 return -1; 1673 1674 if (status & IPS_DST_NAT && 1675 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST, 1676 IP_CT_DIR_ORIGINAL) == NF_DROP) 1677 return -1; 1678 1679 return 0; 1680 } 1681 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
