tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 020f6cc5f75511c5974cfd454f224365bc0c2df4 commit: af308b94a2a4a5a27bec9028354c4df444a7c8ba [15/20] netfilter: nf_tables: add tunnel support reproduce: # apt-get install sparse git checkout af308b94a2a4a5a27bec9028354c4df444a7c8ba make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nft_tunnel.c:117:25: sparse: incorrect type in assignment (different base types) @@ expected unsigned int [unsigned] [usertype] flags @@ got ed int [unsigned] [usertype] flags @@ net/netfilter/nft_tunnel.c:117:25: expected unsigned int [unsigned] [usertype] flags net/netfilter/nft_tunnel.c:117:25: got restricted __be16 [usertype] <noident> net/netfilter/nft_tunnel.c:166:25: sparse: incorrect type in assignment (different base types) @@ expected unsigned int [unsigned] [usertype] flags @@ got ed int [unsigned] [usertype] flags @@ net/netfilter/nft_tunnel.c:166:25: expected unsigned int [unsigned] [usertype] flags net/netfilter/nft_tunnel.c:166:25: got restricted __be16 [usertype] <noident> >> net/netfilter/nft_tunnel.c:242:33: sparse: incorrect type in assignment (different base types) @@ expected restricted __be16 [addressable] [assigned] [usertype] tp_src @@ got e] tp_src @@ net/netfilter/nft_tunnel.c:242:33: expected restricted __be16 [addressable] [assigned] [usertype] tp_src net/netfilter/nft_tunnel.c:242:33: got int >> net/netfilter/nft_tunnel.c:246:33: sparse: incorrect type in assignment (different base types) @@ expected restricted __be16 [addressable] [assigned] [usertype] tp_dst @@ got e] tp_dst @@ net/netfilter/nft_tunnel.c:246:33: expected restricted __be16 [addressable] [assigned] [usertype] tp_dst net/netfilter/nft_tunnel.c:246:33: got int >> net/netfilter/nft_tunnel.c:284:43: sparse: incorrect type in argument 4 (different base types) @@ expected restricted __be16 [usertype] flags @@ got unsignrestricted __be16 [usertype] flags @@ net/netfilter/nft_tunnel.c:284:43: expected restricted __be16 [usertype] flags net/netfilter/nft_tunnel.c:284:43: got unsigned int [unsigned] [usertype] flags >> net/netfilter/nft_tunnel.c:342:27: sparse: restricted __be16 degrades to integer net/netfilter/nft_tunnel.c:346:34: sparse: restricted __be16 degrades to integer >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 >> net/netfilter/nft_tunnel.c:370:54: sparse: incorrect type in argument 1 (different base types) @@ expected unsigned short [unsigned] [usertype] val @@ got short [unsigned] [usertype] val @@ net/netfilter/nft_tunnel.c:370:54: expected unsigned short [unsigned] [usertype] val net/netfilter/nft_tunnel.c:370:54: got restricted __be16 [usertype] tp_src >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: incorrect type in argument 1 (different base types) @@ expected unsigned short [unsigned] [usertype] val @@ got short [unsigned] [usertype] val @@ net/netfilter/nft_tunnel.c:371:54: expected unsigned short [unsigned] [usertype] val net/netfilter/nft_tunnel.c:371:54: got restricted __be16 [usertype] tp_dst net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 vim +117 net/netfilter/nft_tunnel.c 99 100 static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr, 101 struct nft_tunnel_opts *opts) 102 { 103 struct nlattr *tb[NFTA_TUNNEL_KEY_VXLAN_MAX + 1]; 104 int err; 105 106 err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_VXLAN_MAX, attr, 107 nft_tunnel_opts_vxlan_policy, NULL); 108 if (err < 0) 109 return err; 110 111 if (!tb[NFTA_TUNNEL_KEY_VXLAN_GBP]) 112 return -EINVAL; 113 114 opts->u.vxlan.gbp = ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_VXLAN_GBP])); 115 116 opts->len = sizeof(struct vxlan_metadata); > 117 opts->flags = TUNNEL_VXLAN_OPT; 118 119 return 0; 120 } 121 122 static const struct nla_policy nft_tunnel_opts_erspan_policy[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1] = { 123 [NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX] = { .type = NLA_U32 }, 124 [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, 125 [NFTA_TUNNEL_KEY_ERSPAN_V2_HWID] = { .type = NLA_U8 }, 126 }; 127 128 static int nft_tunnel_obj_erspan_init(const struct nlattr *attr, 129 struct nft_tunnel_opts *opts) 130 { 131 struct nlattr *tb[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1]; 132 uint8_t hwid, dir; 133 int err, version; 134 135 err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_ERSPAN_MAX, attr, 136 nft_tunnel_opts_erspan_policy, NULL); 137 if (err < 0) 138 return err; 139 140 version = ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_ERSPAN_VERSION])); 141 switch (version) { 142 case ERSPAN_VERSION: 143 if (!tb[NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX]) 144 return -EINVAL; 145 146 opts->u.erspan.u.index = 147 nla_get_be32(tb[NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX]); 148 break; 149 case ERSPAN_VERSION2: 150 if (!tb[NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] || 151 !tb[NFTA_TUNNEL_KEY_ERSPAN_V2_HWID]) 152 return -EINVAL; 153 154 hwid = nla_get_u8(tb[NFTA_TUNNEL_KEY_ERSPAN_V2_HWID]); 155 dir = nla_get_u8(tb[NFTA_TUNNEL_KEY_ERSPAN_V2_DIR]); 156 157 set_hwid(&opts->u.erspan.u.md2, hwid); 158 opts->u.erspan.u.md2.dir = dir; 159 break; 160 default: 161 return -EOPNOTSUPP; 162 } 163 opts->u.erspan.version = version; 164 165 opts->len = sizeof(struct erspan_metadata); > 166 opts->flags = TUNNEL_ERSPAN_OPT; 167 168 return 0; 169 } 170 171 static const struct nla_policy nft_tunnel_opts_policy[NFTA_TUNNEL_KEY_OPTS_MAX + 1] = { 172 [NFTA_TUNNEL_KEY_OPTS_VXLAN] = { .type = NLA_NESTED, }, 173 [NFTA_TUNNEL_KEY_OPTS_ERSPAN] = { .type = NLA_NESTED, }, 174 }; 175 176 static int nft_tunnel_obj_opts_init(const struct nft_ctx *ctx, 177 const struct nlattr *attr, 178 struct ip_tunnel_info *info, 179 struct nft_tunnel_opts *opts) 180 { 181 struct nlattr *tb[NFTA_TUNNEL_KEY_OPTS_MAX + 1]; 182 int err; 183 184 err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_OPTS_MAX, attr, 185 nft_tunnel_opts_policy, NULL); 186 if (err < 0) 187 return err; 188 189 if (tb[NFTA_TUNNEL_KEY_OPTS_VXLAN]) { 190 err = nft_tunnel_obj_vxlan_init(tb[NFTA_TUNNEL_KEY_OPTS_VXLAN], 191 opts); 192 } else if (tb[NFTA_TUNNEL_KEY_OPTS_ERSPAN]) { 193 err = nft_tunnel_obj_erspan_init(tb[NFTA_TUNNEL_KEY_OPTS_ERSPAN], 194 opts); 195 } else { 196 return -EOPNOTSUPP; 197 } 198 199 return err; 200 } 201 202 static const struct nla_policy nft_tunnel_key_policy[NFTA_TUNNEL_KEY_MAX + 1] = { 203 [NFTA_TUNNEL_KEY_IP] = { .type = NLA_NESTED, }, 204 [NFTA_TUNNEL_KEY_IP6] = { .type = NLA_NESTED, }, 205 [NFTA_TUNNEL_KEY_ID] = { .type = NLA_U32, }, 206 [NFTA_TUNNEL_KEY_FLAGS] = { .type = NLA_U32, }, 207 [NFTA_TUNNEL_KEY_TOS] = { .type = NLA_U8, }, 208 [NFTA_TUNNEL_KEY_TTL] = { .type = NLA_U8, }, 209 [NFTA_TUNNEL_KEY_OPTS] = { .type = NLA_NESTED, }, 210 }; 211 212 static int nft_tunnel_obj_init(const struct nft_ctx *ctx, 213 const struct nlattr * const tb[], 214 struct nft_object *obj) 215 { 216 struct nft_tunnel_obj *priv = nft_obj_data(obj); 217 struct ip_tunnel_info info; 218 struct metadata_dst *md; 219 int err; 220 221 if (!tb[NFTA_TUNNEL_KEY_ID]) 222 return -EINVAL; 223 224 memset(&info, 0, sizeof(info)); 225 info.mode = IP_TUNNEL_INFO_TX; 226 info.key.tun_id = key32_to_tunnel_id(nla_get_be32(tb[NFTA_TUNNEL_KEY_ID])); 227 info.key.tun_flags = TUNNEL_KEY | TUNNEL_CSUM | TUNNEL_NOCACHE; 228 229 if (tb[NFTA_TUNNEL_KEY_IP]) { 230 err = nft_tunnel_obj_ip_init(ctx, tb[NFTA_TUNNEL_KEY_IP], &info); 231 if (err < 0) 232 return err; 233 } else if (tb[NFTA_TUNNEL_KEY_IP6]) { 234 err = nft_tunnel_obj_ip6_init(ctx, tb[NFTA_TUNNEL_KEY_IP6], &info); 235 if (err < 0) 236 return err; 237 } else { 238 return -EINVAL; 239 } 240 241 if (tb[NFTA_TUNNEL_KEY_SPORT]) { > 242 info.key.tp_src = 243 ntohs(nla_get_be16(tb[NFTA_TUNNEL_KEY_SPORT])); 244 } 245 if (tb[NFTA_TUNNEL_KEY_DPORT]) { > 246 info.key.tp_dst = 247 ntohs(nla_get_be16(tb[NFTA_TUNNEL_KEY_DPORT])); 248 } 249 250 if (tb[NFTA_TUNNEL_KEY_FLAGS]) { 251 u32 tun_flags; 252 253 tun_flags = ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_FLAGS])); 254 if (tun_flags & ~NFT_TUNNEL_F_MASK) 255 return -EOPNOTSUPP; 256 257 if (tun_flags & NFT_TUNNEL_F_ZERO_CSUM_TX) 258 info.key.tun_flags &= ~TUNNEL_CSUM; 259 if (tun_flags & NFT_TUNNEL_F_DONT_FRAGMENT) 260 info.key.tun_flags |= TUNNEL_DONT_FRAGMENT; 261 if (tun_flags & NFT_TUNNEL_F_SEQ_NUMBER) 262 info.key.tun_flags |= TUNNEL_SEQ; 263 } 264 if (tb[NFTA_TUNNEL_KEY_TOS]) 265 info.key.tos = nla_get_u8(tb[NFTA_TUNNEL_KEY_TOS]); 266 if (tb[NFTA_TUNNEL_KEY_TTL]) 267 info.key.ttl = nla_get_u8(tb[NFTA_TUNNEL_KEY_TTL]); 268 else 269 info.key.ttl = U8_MAX; 270 271 if (tb[NFTA_TUNNEL_KEY_OPTS]) { 272 err = nft_tunnel_obj_opts_init(ctx, tb[NFTA_TUNNEL_KEY_OPTS], 273 &info, &priv->opts); 274 if (err < 0) 275 return err; 276 } 277 278 md = metadata_dst_alloc(priv->opts.len, METADATA_IP_TUNNEL, GFP_KERNEL); 279 if (!md) 280 return -ENOMEM; 281 282 memcpy(&md->u.tun_info, &info, sizeof(info)); 283 ip_tunnel_info_opts_set(&md->u.tun_info, &priv->opts.u, priv->opts.len, > 284 priv->opts.flags); 285 priv->md = md; 286 287 return 0; 288 } 289 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
