Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180516] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-n0-201819 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: In function 'xt_net': >> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to incomplete type 'const struct nf_hook_state' return par->state->net; ^~ In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: At top level: >> include/linux/netfilter/x_tables.h:450:64: error: unknown type name 'nf_hookfn' struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *); ^~~~~~~~~ In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack_tuple.h: In function '__nf_ct_tuple_src_equal': >> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'? [-Werror=implicit-function-declaration] return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) && ^~~~~~~~~~~~~~~~ inet_addr_type In file included from include/net/netfilter/nf_nat_core.h:5:0, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack.h: At top level: >> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type struct nf_conntrack ct_general; ^~~~~~~~~~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': >> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct' *ctinfo = skb->_nfct & NFCT_INFOMASK; ^~ include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct' return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': >> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of function 'nf_conntrack_put'; did you mean 'nf_ct_put'? [-Werror=implicit-function-declaration] nf_conntrack_put(&ct->ct_general); ^~~~~~~~~~~~~~~~ nf_ct_put include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set': >> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no member named '_nfct' skb->_nfct = (unsigned long)ct | info; ^~ cc1: some warnings being treated as errors vim +148 include/net/netfilter/nf_conntrack.h f8eb24a89a Patrick McHardy 2006-11-29 49 ea781f197d Eric Dumazet 2009-03-25 50 struct nf_conn { f330a7fdbe Florian Westphal 2016-08-25 51 /* Usage count in here is 1 for hash table, 1 per skb, b476b72a0f Jesper Dangaard Brouer 2014-03-03 52 * plus 1 for any connection(s) we are `master' for b476b72a0f Jesper Dangaard Brouer 2014-03-03 53 * a9e419dc7b Florian Westphal 2017-01-23 54 * Hint, SKB address this struct and refcnt via skb->_nfct and b476b72a0f Jesper Dangaard Brouer 2014-03-03 55 * helpers nf_conntrack_get() and nf_conntrack_put(). b476b72a0f Jesper Dangaard Brouer 2014-03-03 56 * Helper nf_ct_put() equals nf_conntrack_put() by dec refcnt, b476b72a0f Jesper Dangaard Brouer 2014-03-03 57 * beware nf_ct_get() is different and don't inc refcnt. b476b72a0f Jesper Dangaard Brouer 2014-03-03 58 */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 @59 struct nf_conntrack ct_general; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 60 440f0d5885 Patrick McHardy 2009-06-10 61 spinlock_t lock; b7779d06f9 Jesper Dangaard Brouer 2014-03-03 62 u16 cpu; 440f0d5885 Patrick McHardy 2009-06-10 63 6c8dee9842 Florian Westphal 2016-06-11 64 #ifdef CONFIG_NF_CONNTRACK_ZONES 6c8dee9842 Florian Westphal 2016-06-11 65 struct nf_conntrack_zone zone; 6c8dee9842 Florian Westphal 2016-06-11 66 #endif 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 67 /* XXX should I move this to the tail ? - Y.K */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 68 /* These are my tuples; original and reply */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 69 struct nf_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 70 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 71 /* Have we seen traffic both ways yet? (bitset) */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 72 unsigned long status; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 73 f330a7fdbe Florian Westphal 2016-08-25 74 /* jiffies32 when this ct is considered dead */ f330a7fdbe Florian Westphal 2016-08-25 75 u32 timeout; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 76 0c5c9fb551 Eric W. Biederman 2015-03-11 77 possible_net_t ct_net; 0c5c9fb551 Eric W. Biederman 2015-03-11 78 5173bc679d Florian Westphal 2016-11-23 79 #if IS_ENABLED(CONFIG_NF_NAT) e1bf168774 Florian Westphal 2017-09-06 80 struct hlist_node nat_bysource; 5173bc679d Florian Westphal 2016-11-23 81 #endif c41884ce05 Florian Westphal 2014-11-24 82 /* all members below initialized via memset */ c41884ce05 Florian Westphal 2014-11-24 83 u8 __nfct_init_offset[0]; c41884ce05 Florian Westphal 2014-11-24 84 c41884ce05 Florian Westphal 2014-11-24 85 /* If we were expected by an expectation, this will be it */ c41884ce05 Florian Westphal 2014-11-24 86 struct nf_conn *master; c41884ce05 Florian Westphal 2014-11-24 87 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 88 #if defined(CONFIG_NF_CONNTRACK_MARK) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 89 u_int32_t mark; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 90 #endif 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 91 7c9728c393 James Morris 2006-06-09 92 #ifdef CONFIG_NF_CONNTRACK_SECMARK 7c9728c393 James Morris 2006-06-09 93 u_int32_t secmark; 7c9728c393 James Morris 2006-06-09 94 #endif 7c9728c393 James Morris 2006-06-09 95 ecfab2c9fe Yasuyuki Kozakai 2007-07-07 96 /* Extensions */ ecfab2c9fe Yasuyuki Kozakai 2007-07-07 97 struct nf_ct_ext *ext; e5fc9e7a66 Changli Gao 2010-11-12 98 e5fc9e7a66 Changli Gao 2010-11-12 99 /* Storage reserved for other modules, must be the last member */ e5fc9e7a66 Changli Gao 2010-11-12 100 union nf_conntrack_proto proto; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 101 }; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 102 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 103 static inline struct nf_conn * 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 104 nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 105 { 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 106 return container_of(hash, struct nf_conn, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 107 tuplehash[hash->tuple.dst.dir]); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 108 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 109 5e8fbe2ac8 Patrick McHardy 2008-04-14 110 static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct) 5e8fbe2ac8 Patrick McHardy 2008-04-14 111 { 5e8fbe2ac8 Patrick McHardy 2008-04-14 112 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 5e8fbe2ac8 Patrick McHardy 2008-04-14 113 } 5e8fbe2ac8 Patrick McHardy 2008-04-14 114 5e8fbe2ac8 Patrick McHardy 2008-04-14 115 static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct) 5e8fbe2ac8 Patrick McHardy 2008-04-14 116 { 5e8fbe2ac8 Patrick McHardy 2008-04-14 117 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; 5e8fbe2ac8 Patrick McHardy 2008-04-14 118 } 5e8fbe2ac8 Patrick McHardy 2008-04-14 119 f2f3e38c63 Pablo Neira Ayuso 2009-06-02 120 #define nf_ct_tuple(ct, dir) (&(ct)->tuplehash[dir].tuple) f2f3e38c63 Pablo Neira Ayuso 2009-06-02 121 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 122 /* get master conntrack via master expectation */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 123 #define master_ct(conntr) (conntr->master) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 124 5a1fb391d8 Alexey Dobriyan 2008-10-08 125 extern struct net init_net; 5a1fb391d8 Alexey Dobriyan 2008-10-08 126 5a1fb391d8 Alexey Dobriyan 2008-10-08 127 static inline struct net *nf_ct_net(const struct nf_conn *ct) 5a1fb391d8 Alexey Dobriyan 2008-10-08 128 { c2d9ba9bce Eric Dumazet 2010-06-01 129 return read_pnet(&ct->ct_net); 5a1fb391d8 Alexey Dobriyan 2008-10-08 130 } 5a1fb391d8 Alexey Dobriyan 2008-10-08 131 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 132 /* Alter reply tuple (maybe alter helper). */ 4e77be4637 Joe Perches 2013-09-23 133 void nf_conntrack_alter_reply(struct nf_conn *ct, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 134 const struct nf_conntrack_tuple *newreply); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 135 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 136 /* Is this tuple taken? (ignoring any belonging to the given 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 137 conntrack). */ 4e77be4637 Joe Perches 2013-09-23 138 int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 139 const struct nf_conn *ignored_conntrack); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 140 3032230920 Florian Westphal 2017-01-23 141 #define NFCT_INFOMASK 7UL a9e419dc7b Florian Westphal 2017-01-23 142 #define NFCT_PTRMASK ~(NFCT_INFOMASK) 3032230920 Florian Westphal 2017-01-23 143 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 144 /* Return conntrack_info and tuple hash for given skb. */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 145 static inline struct nf_conn * 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 146 nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 147 { a9e419dc7b Florian Westphal 2017-01-23 @148 *ctinfo = skb->_nfct & NFCT_INFOMASK; a9e419dc7b Florian Westphal 2017-01-23 149 a9e419dc7b Florian Westphal 2017-01-23 @150 return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 151 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 152 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 153 /* decrement reference count on a conntrack */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 154 static inline void nf_ct_put(struct nf_conn *ct) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 155 { 44d6e2f273 Varsha Rao 2017-08-30 156 WARN_ON(!ct); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 @157 nf_conntrack_put(&ct->ct_general); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 158 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 159 b9f78f9fca Pablo Neira Ayuso 2006-03-22 160 /* Protocol module loading */ 4e77be4637 Joe Perches 2013-09-23 161 int nf_ct_l3proto_try_module_get(unsigned short l3proto); 4e77be4637 Joe Perches 2013-09-23 162 void nf_ct_l3proto_module_put(unsigned short l3proto); b9f78f9fca Pablo Neira Ayuso 2006-03-22 163 ecb2421b5d Florian Westphal 2016-11-15 164 /* load module; enable/disable conntrack in this namespace */ ecb2421b5d Florian Westphal 2016-11-15 165 int nf_ct_netns_get(struct net *net, u8 nfproto); ecb2421b5d Florian Westphal 2016-11-15 166 void nf_ct_netns_put(struct net *net, u8 nfproto); ecb2421b5d Florian Westphal 2016-11-15 167 ea781f197d Eric Dumazet 2009-03-25 168 /* ea781f197d Eric Dumazet 2009-03-25 169 * Allocate a hashtable of hlist_head (if nulls == 0), ea781f197d Eric Dumazet 2009-03-25 170 * or hlist_nulls_head (if nulls == 1) ea781f197d Eric Dumazet 2009-03-25 171 */ 4e77be4637 Joe Perches 2013-09-23 172 void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls); ea781f197d Eric Dumazet 2009-03-25 173 4e77be4637 Joe Perches 2013-09-23 174 void nf_ct_free_hashtable(void *hash, unsigned int size); ac565e5fc1 Patrick McHardy 2007-07-07 175 4e77be4637 Joe Perches 2013-09-23 176 int nf_conntrack_hash_check_insert(struct nf_conn *ct); 02982c27ba Florian Westphal 2013-07-29 177 bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report); c1d10adb4a Pablo Neira Ayuso 2006-01-05 178 4e77be4637 Joe Perches 2013-09-23 179 bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff, a31f1adc09 Eric W. Biederman 2015-09-18 180 u_int16_t l3num, struct net *net, a31f1adc09 Eric W. Biederman 2015-09-18 181 struct nf_conntrack_tuple *tuple); 4e77be4637 Joe Perches 2013-09-23 182 bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 183 const struct nf_conntrack_tuple *orig); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 184 4e77be4637 Joe Perches 2013-09-23 185 void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 186 const struct sk_buff *skb, 4e77be4637 Joe Perches 2013-09-23 187 unsigned long extra_jiffies, int do_acct); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 188 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 189 /* Refresh conntrack for this many jiffies and do accounting */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 190 static inline void nf_ct_refresh_acct(struct nf_conn *ct, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 191 enum ip_conntrack_info ctinfo, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 192 const struct sk_buff *skb, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 193 unsigned long extra_jiffies) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 194 { 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 195 __nf_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 196 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 197 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 198 /* Refresh conntrack for this many jiffies */ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 199 static inline void nf_ct_refresh(struct nf_conn *ct, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 200 const struct sk_buff *skb, 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 201 unsigned long extra_jiffies) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 202 { 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 203 __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 204 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 205 718d4ad98e Fabian Hugelshofer 2008-06-09 206 /* kill conntrack and do accounting */ ad66713f5a Florian Westphal 2016-08-25 207 bool nf_ct_kill_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo, ad66713f5a Florian Westphal 2016-08-25 208 const struct sk_buff *skb); 718d4ad98e Fabian Hugelshofer 2008-06-09 209 718d4ad98e Fabian Hugelshofer 2008-06-09 210 /* kill conntrack without accounting */ 4c88949800 David S. Miller 2008-07-14 211 static inline bool nf_ct_kill(struct nf_conn *ct) 718d4ad98e Fabian Hugelshofer 2008-06-09 212 { ad66713f5a Florian Westphal 2016-08-25 213 return nf_ct_delete(ct, 0, 0); 718d4ad98e Fabian Hugelshofer 2008-06-09 214 } 51091764f2 Patrick McHardy 2008-06-09 215 84657984c2 Florian Westphal 2017-07-26 216 /* Set all unconfirmed conntrack as dying */ 84657984c2 Florian Westphal 2017-07-26 217 void nf_ct_unconfirmed_destroy(struct net *); 84657984c2 Florian Westphal 2017-07-26 218 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 219 /* Iterate over all conntracks: if iter returns true, it's deleted. */ 9fd6452d67 Florian Westphal 2017-05-21 220 void nf_ct_iterate_cleanup_net(struct net *net, c655bc6896 Florian Westphal 2013-07-29 221 int (*iter)(struct nf_conn *i, void *data), c655bc6896 Florian Westphal 2013-07-29 222 void *data, u32 portid, int report); 308ac9143e Daniel Borkmann 2015-08-08 223 2843fb6998 Florian Westphal 2017-05-21 224 /* also set unconfirmed conntracks as dying. Only use in module exit path. */ 2843fb6998 Florian Westphal 2017-05-21 225 void nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data), 2843fb6998 Florian Westphal 2017-05-21 226 void *data); 2843fb6998 Florian Westphal 2017-05-21 227 308ac9143e Daniel Borkmann 2015-08-08 228 struct nf_conntrack_zone; 308ac9143e Daniel Borkmann 2015-08-08 229 4e77be4637 Joe Perches 2013-09-23 230 void nf_conntrack_free(struct nf_conn *ct); 308ac9143e Daniel Borkmann 2015-08-08 231 struct nf_conn *nf_conntrack_alloc(struct net *net, 308ac9143e Daniel Borkmann 2015-08-08 232 const struct nf_conntrack_zone *zone, 5a1fb391d8 Alexey Dobriyan 2008-10-08 233 const struct nf_conntrack_tuple *orig, b891c5a831 Pablo Neira Ayuso 2008-07-08 234 const struct nf_conntrack_tuple *repl, b891c5a831 Pablo Neira Ayuso 2008-07-08 235 gfp_t gfp); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 236 b2a15a604d Patrick McHardy 2010-02-03 237 static inline int nf_ct_is_template(const struct nf_conn *ct) b2a15a604d Patrick McHardy 2010-02-03 238 { b2a15a604d Patrick McHardy 2010-02-03 239 return test_bit(IPS_TEMPLATE_BIT, &ct->status); b2a15a604d Patrick McHardy 2010-02-03 240 } b2a15a604d Patrick McHardy 2010-02-03 241 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 242 /* It's confirmed if it is, or has been in the hash table. */ d51ed8367b Florian Westphal 2016-07-08 243 static inline int nf_ct_is_confirmed(const struct nf_conn *ct) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 244 { 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 245 return test_bit(IPS_CONFIRMED_BIT, &ct->status); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 246 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 247 d51ed8367b Florian Westphal 2016-07-08 248 static inline int nf_ct_is_dying(const struct nf_conn *ct) 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 249 { 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 250 return test_bit(IPS_DYING_BIT, &ct->status); 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 251 } 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 252 42c1edd345 Julian Anastasov 2011-06-16 253 /* Packet is received from loopback */ 42c1edd345 Julian Anastasov 2011-06-16 254 static inline bool nf_is_loopback_packet(const struct sk_buff *skb) 42c1edd345 Julian Anastasov 2011-06-16 255 { 42c1edd345 Julian Anastasov 2011-06-16 256 return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK; 42c1edd345 Julian Anastasov 2011-06-16 257 } 42c1edd345 Julian Anastasov 2011-06-16 258 f330a7fdbe Florian Westphal 2016-08-25 259 #define nfct_time_stamp ((u32)(jiffies)) f330a7fdbe Florian Westphal 2016-08-25 260 c8607e0200 Florian Westphal 2016-07-06 261 /* jiffies until ct expires, 0 if already expired */ c8607e0200 Florian Westphal 2016-07-06 262 static inline unsigned long nf_ct_expires(const struct nf_conn *ct) c8607e0200 Florian Westphal 2016-07-06 263 { f330a7fdbe Florian Westphal 2016-08-25 264 s32 timeout = ct->timeout - nfct_time_stamp; c8607e0200 Florian Westphal 2016-07-06 265 c8607e0200 Florian Westphal 2016-07-06 266 return timeout > 0 ? timeout : 0; c8607e0200 Florian Westphal 2016-07-06 267 } c8607e0200 Florian Westphal 2016-07-06 268 f330a7fdbe Florian Westphal 2016-08-25 269 static inline bool nf_ct_is_expired(const struct nf_conn *ct) f330a7fdbe Florian Westphal 2016-08-25 270 { f330a7fdbe Florian Westphal 2016-08-25 271 return (__s32)(ct->timeout - nfct_time_stamp) <= 0; f330a7fdbe Florian Westphal 2016-08-25 272 } f330a7fdbe Florian Westphal 2016-08-25 273 f330a7fdbe Florian Westphal 2016-08-25 274 /* use after obtaining a reference count */ f330a7fdbe Florian Westphal 2016-08-25 275 static inline bool nf_ct_should_gc(const struct nf_conn *ct) f330a7fdbe Florian Westphal 2016-08-25 276 { f330a7fdbe Florian Westphal 2016-08-25 277 return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) && f330a7fdbe Florian Westphal 2016-08-25 278 !nf_ct_is_dying(ct); f330a7fdbe Florian Westphal 2016-08-25 279 } f330a7fdbe Florian Westphal 2016-08-25 280 34641c6d00 Paul Gortmaker 2011-08-29 281 struct kernel_param; 34641c6d00 Paul Gortmaker 2011-08-29 282 e4dca7b7aa Kees Cook 2017-10-17 283 int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp); 3183ab8997 Florian Westphal 2016-06-22 284 int nf_conntrack_hash_resize(unsigned int hashsize); 92e47ba883 Liping Zhang 2016-08-13 285 92e47ba883 Liping Zhang 2016-08-13 286 extern struct hlist_nulls_head *nf_conntrack_hash; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 287 extern unsigned int nf_conntrack_htable_size; 92e47ba883 Liping Zhang 2016-08-13 288 extern seqcount_t nf_conntrack_generation; e478075c6f Hagen Paul Pfeifer 2009-02-20 289 extern unsigned int nf_conntrack_max; 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 290 92e47ba883 Liping Zhang 2016-08-13 291 /* must be called with rcu read lock held */ 92e47ba883 Liping Zhang 2016-08-13 292 static inline void 92e47ba883 Liping Zhang 2016-08-13 293 nf_conntrack_get_ht(struct hlist_nulls_head **hash, unsigned int *hsize) 92e47ba883 Liping Zhang 2016-08-13 294 { 92e47ba883 Liping Zhang 2016-08-13 295 struct hlist_nulls_head *hptr; 92e47ba883 Liping Zhang 2016-08-13 296 unsigned int sequence, hsz; 92e47ba883 Liping Zhang 2016-08-13 297 92e47ba883 Liping Zhang 2016-08-13 298 do { 92e47ba883 Liping Zhang 2016-08-13 299 sequence = read_seqcount_begin(&nf_conntrack_generation); 92e47ba883 Liping Zhang 2016-08-13 300 hsz = nf_conntrack_htable_size; 92e47ba883 Liping Zhang 2016-08-13 301 hptr = nf_conntrack_hash; 92e47ba883 Liping Zhang 2016-08-13 302 } while (read_seqcount_retry(&nf_conntrack_generation, sequence)); 92e47ba883 Liping Zhang 2016-08-13 303 92e47ba883 Liping Zhang 2016-08-13 304 *hash = hptr; 92e47ba883 Liping Zhang 2016-08-13 305 *hsize = hsz; 92e47ba883 Liping Zhang 2016-08-13 306 } 92e47ba883 Liping Zhang 2016-08-13 307 308ac9143e Daniel Borkmann 2015-08-08 308 struct nf_conn *nf_ct_tmpl_alloc(struct net *net, 308ac9143e Daniel Borkmann 2015-08-08 309 const struct nf_conntrack_zone *zone, 308ac9143e Daniel Borkmann 2015-08-08 310 gfp_t flags); 9cf94eab8b Daniel Borkmann 2015-08-31 311 void nf_ct_tmpl_free(struct nf_conn *tmpl); e53376bef2 Pablo Neira Ayuso 2014-02-03 312 c74454fadd Florian Westphal 2017-01-23 313 static inline void c74454fadd Florian Westphal 2017-01-23 314 nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info) c74454fadd Florian Westphal 2017-01-23 315 { a9e419dc7b Florian Westphal 2017-01-23 @316 skb->_nfct = (unsigned long)ct | info; c74454fadd Florian Westphal 2017-01-23 317 } c74454fadd Florian Westphal 2017-01-23 318 :::::: The code at line 148 was first introduced by commit :::::: a9e419dc7be6997409dca6d1b9daf3cc7046902f netfilter: merge ctinfo into nfct pointer storage area :::::: TO: Florian Westphal <fw@xxxxxxxxx> :::::: CC: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
