Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi John,

I love your patch! Perhaps something to improve:

[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.18-rc2 next-20180625]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/John-Crispin/netfilter-nf_flow_table-add-conntrack-accounting/20180626-124429
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All warnings (new ones prefixed by >>):

   In file included from include/linux/linkage.h:7:0,
                    from include/linux/kernel.h:7,
                    from net/netfilter/nf_flow_table_core.c:1:
   net/netfilter/nf_flow_table_core.c:170:19: error: 'nf_flow_table_acct' undeclared here (not in a function); did you mean 'nf_flow_table_init'?
    EXPORT_SYMBOL_GPL(nf_flow_table_acct);
                      ^
   include/linux/export.h:59:16: note: in definition of macro '___EXPORT_SYMBOL'
     extern typeof(sym) sym;      \
                   ^~~
>> net/netfilter/nf_flow_table_core.c:170:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL'
    EXPORT_SYMBOL_GPL(nf_flow_table_acct);
    ^~~~~~~~~~~~~~~~~

vim +/EXPORT_SYMBOL_GPL +170 net/netfilter/nf_flow_table_core.c

   > 1	#include <linux/kernel.h>
     2	#include <linux/init.h>
     3	#include <linux/module.h>
     4	#include <linux/netfilter.h>
     5	#include <linux/rhashtable.h>
     6	#include <linux/netdevice.h>
     7	#include <net/ip.h>
     8	#include <net/ip6_route.h>
     9	#include <net/netfilter/nf_tables.h>
    10	#include <net/netfilter/nf_flow_table.h>
    11	#include <net/netfilter/nf_conntrack.h>
    12	#include <net/netfilter/nf_conntrack_core.h>
    13	#include <net/netfilter/nf_conntrack_tuple.h>
    14	#include <net/netfilter/nf_conntrack_acct.h>
    15	
    16	struct flow_offload_entry {
    17		struct flow_offload	flow;
    18		struct nf_conn		*ct;
    19		struct rcu_head		rcu_head;
    20	};
    21	
    22	static DEFINE_MUTEX(flowtable_lock);
    23	static LIST_HEAD(flowtables);
    24	
    25	static void
    26	flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct,
    27			      struct nf_flow_route *route,
    28			      enum flow_offload_tuple_dir dir)
    29	{
    30		struct flow_offload_tuple *ft = &flow->tuplehash[dir].tuple;
    31		struct nf_conntrack_tuple *ctt = &ct->tuplehash[dir].tuple;
    32		struct dst_entry *dst = route->tuple[dir].dst;
    33	
    34		ft->dir = dir;
    35	
    36		switch (ctt->src.l3num) {
    37		case NFPROTO_IPV4:
    38			ft->src_v4 = ctt->src.u3.in;
    39			ft->dst_v4 = ctt->dst.u3.in;
    40			ft->mtu = ip_dst_mtu_maybe_forward(dst, true);
    41			break;
    42		case NFPROTO_IPV6:
    43			ft->src_v6 = ctt->src.u3.in6;
    44			ft->dst_v6 = ctt->dst.u3.in6;
    45			ft->mtu = ip6_dst_mtu_forward(dst);
    46			break;
    47		}
    48	
    49		ft->l3proto = ctt->src.l3num;
    50		ft->l4proto = ctt->dst.protonum;
    51		ft->src_port = ctt->src.u.tcp.port;
    52		ft->dst_port = ctt->dst.u.tcp.port;
    53	
    54		ft->iifidx = route->tuple[dir].ifindex;
    55		ft->oifidx = route->tuple[!dir].ifindex;
    56		ft->dst_cache = dst;
    57	}
    58	
    59	struct flow_offload *
    60	flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route)
    61	{
    62		struct flow_offload_entry *entry;
    63		struct flow_offload *flow;
    64	
    65		if (unlikely(nf_ct_is_dying(ct) ||
    66		    !atomic_inc_not_zero(&ct->ct_general.use)))
    67			return NULL;
    68	
    69		entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
    70		if (!entry)
    71			goto err_ct_refcnt;
    72	
    73		flow = &entry->flow;
    74	
    75		if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst))
    76			goto err_dst_cache_original;
    77	
    78		if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst))
    79			goto err_dst_cache_reply;
    80	
    81		entry->ct = ct;
    82	
    83		flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL);
    84		flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY);
    85	
    86		if (ct->status & IPS_SRC_NAT)
    87			flow->flags |= FLOW_OFFLOAD_SNAT;
    88		if (ct->status & IPS_DST_NAT)
    89			flow->flags |= FLOW_OFFLOAD_DNAT;
    90	
    91		return flow;
    92	
    93	err_dst_cache_reply:
    94		dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst);
    95	err_dst_cache_original:
    96		kfree(entry);
    97	err_ct_refcnt:
    98		nf_ct_put(ct);
    99	
   100		return NULL;
   101	}
   102	EXPORT_SYMBOL_GPL(flow_offload_alloc);
   103	
   104	static void flow_offload_fixup_tcp(struct ip_ct_tcp *tcp)
   105	{
   106		tcp->state = TCP_CONNTRACK_ESTABLISHED;
   107		tcp->seen[0].td_maxwin = 0;
   108		tcp->seen[1].td_maxwin = 0;
   109	}
   110	
   111	static void flow_offload_fixup_ct_state(struct nf_conn *ct)
   112	{
   113		const struct nf_conntrack_l4proto *l4proto;
   114		struct net *net = nf_ct_net(ct);
   115		unsigned int *timeouts;
   116		unsigned int timeout;
   117		int l4num;
   118	
   119		l4num = nf_ct_protonum(ct);
   120		if (l4num == IPPROTO_TCP)
   121			flow_offload_fixup_tcp(&ct->proto.tcp);
   122	
   123		l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), l4num);
   124		if (!l4proto)
   125			return;
   126	
   127		timeouts = l4proto->get_timeouts(net);
   128		if (!timeouts)
   129			return;
   130	
   131		if (l4num == IPPROTO_TCP)
   132			timeout = timeouts[TCP_CONNTRACK_ESTABLISHED];
   133		else if (l4num == IPPROTO_UDP)
   134			timeout = timeouts[UDP_CT_REPLIED];
   135		else
   136			return;
   137	
   138		ct->timeout = nfct_time_stamp + timeout;
   139	}
   140	
   141	void flow_offload_free(struct flow_offload *flow)
   142	{
   143		struct flow_offload_entry *e;
   144	
   145		dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_cache);
   146		dst_release(flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.dst_cache);
   147		e = container_of(flow, struct flow_offload_entry, flow);
   148		if (flow->flags & FLOW_OFFLOAD_DYING)
   149			nf_ct_delete(e->ct, 0, 0);
   150		nf_ct_put(e->ct);
   151		kfree_rcu(e, rcu_head);
   152	}
   153	EXPORT_SYMBOL_GPL(flow_offload_free);
   154	
   155	void nf_flow_offload_acct(struct flow_offload *flow, struct sk_buff *skb,
   156				  int dir)
   157	{
   158		struct flow_offload_entry *entry;
   159		struct nf_conn_acct *acct;
   160	
   161		entry = container_of(flow, struct flow_offload_entry, flow);
   162		acct = nf_conn_acct_find(entry->ct);
   163		if (acct) {
   164			struct nf_conn_counter *counter = acct->counter;
   165	
   166			atomic64_inc(&counter[dir].packets);
   167			atomic64_add(skb->len, &counter[dir].bytes);
   168		}
   169	}
 > 170	EXPORT_SYMBOL_GPL(nf_flow_table_acct);
   171	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Attachment: .config.gz
Description: application/gzip

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux