Hi Máté, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-Add-native-tproxy-support-for-nf_tables/20180620-222749 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: ia64-allmodconfig (attached as .config) compiler: ia64-linux-gcc (GCC) 8.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=8.1.0 make.cross ARCH=ia64 All errors (new ones prefixed by >>): net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v4': >> net/netfilter/nft_tproxy.c:65:3: error: implicit declaration of function 'nf_tproxy_assign_sock'; did you mean 'nf_tproxy_get_sock_v6'? [-Werror=implicit-function-declaration] nf_tproxy_assign_sock(skb, sk); ^~~~~~~~~~~~~~~~~~~~~ nf_tproxy_get_sock_v6 cc1: some warnings being treated as errors vim +65 net/netfilter/nft_tproxy.c 16 17 static void nft_tproxy_eval_v4(const struct nft_expr *expr, 18 struct nft_regs *regs, 19 const struct nft_pktinfo *pkt) 20 { 21 const struct nft_tproxy *priv = nft_expr_priv(expr); 22 struct sk_buff *skb = pkt->skb; 23 struct sock *sk = skb->sk; 24 const struct iphdr *iph = ip_hdr(skb); 25 struct udphdr _hdr, *hp; 26 __be32 taddr = 0; 27 __be16 tport = 0; 28 29 hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr), &_hdr); 30 if (!hp) 31 regs->verdict.code = NFT_BREAK; 32 33 /* check if there's an ongoing connection on the packet 34 * addresses, this happens if the redirect already happened 35 * and the current packet belongs to an already established 36 * connection */ 37 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol, 38 iph->saddr, iph->daddr, 39 hp->source, hp->dest, 40 skb->dev, NF_TPROXY_LOOKUP_ESTABLISHED); 41 42 if (priv->sreg_addr) 43 taddr = regs->data[priv->sreg_addr]; 44 taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr); 45 46 if (priv->sreg_port) { 47 tport = regs->data[priv->sreg_port]; 48 } 49 if (!tport) 50 tport = hp->dest; 51 52 /* UDP has no TCP_TIME_WAIT state, so we never enter here */ 53 if (sk && sk->sk_state == TCP_TIME_WAIT) 54 /* reopening a TIME_WAIT connection needs special handling */ 55 sk = nf_tproxy_handle_time_wait4(nft_net(pkt), skb, taddr, tport, sk); 56 else if (!sk) 57 /* no, there's no established connection, check if 58 * there's a listener on the redirected addr/port */ 59 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol, 60 iph->saddr, taddr, 61 hp->source, tport, 62 skb->dev, NF_TPROXY_LOOKUP_LISTENER); 63 64 if (sk && nf_tproxy_sk_is_transparent(sk)) { > 65 nf_tproxy_assign_sock(skb, sk); 66 } 67 } 68 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
