Hi Cole, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on net/master] url: https://github.com/0day-ci/linux/commits/Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823 base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git b539c44df067ac116ec1b58b956efda51b6a7fc1 config: arm-randconfig-r003-20210906 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 9c476172b93367d2cb88d7d3f4b1b5b456fa6020) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://github.com/0day-ci/linux/commit/3d790f5d7c3d6069948749b4697090adfcc48e51 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823 git checkout 3d790f5d7c3d6069948749b4697090adfcc48e51 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@xxxxxxxxx> All warnings (new ones prefixed by >>): >> net/netfilter/nf_nat_core.c:373:6: warning: no previous prototype for function 'nf_nat_l4proto_unique_tuple' [-Wmissing-prototypes] void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple, ^ net/netfilter/nf_nat_core.c:373:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple, ^ static 1 warning generated. 
/* vim +/nf_nat_l4proto_unique_tuple +373 net/netfilter/nf_nat_core.c */

/* Alter the per-proto part of the tuple (depending on maniptype), to
 * give a unique tuple in the given range if possible.
 *
 * Per-protocol part of tuple is initialized to the incoming packet.
 *
 * @tuple:     tuple whose per-protocol key (ICMP id, GRE key or L4 port)
 *             is rewritten in place through keyptr.
 * @range:     NAT range; its flags, min_proto, max_proto and base_proto
 *             fields are read here.
 * @maniptype: selects the source or destination key for GRE and for the
 *             port-based protocols.
 * @ct:        conntrack entry handed to nf_nat_used_tuple(); ct->master is
 *             tested in the GRE case.
 *
 * Nothing is returned: when no unused value is found within the bounded
 * search, the function returns with the last value it tried still stored
 * in the tuple, so the caller gets no indication of failure from here.
 *
 * NOTE(review): the definition has external linkage, and the W=1 build
 * report quoted with this listing flags it with -Wmissing-prototypes. If
 * other translation units are meant to call it, it needs a declaration in
 * a header they share; otherwise it should be static.
 */
void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
				 const struct nf_nat_range2 *range,
				 enum nf_nat_manip_type maniptype,
				 const struct nf_conn *ct)
{
	unsigned int range_size, min, max, i, attempts;
	__be16 *keyptr;
	u16 off;
	/* Upper bound on probes in the first search round. */
	static const unsigned int max_attempts = 128;

	switch (tuple->dst.protonum) {
	case IPPROTO_ICMP:
	case IPPROTO_ICMPV6:
		/* id is same for either direction... */
		keyptr = &tuple->src.u.icmp.id;
		if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
			min = 0;
			range_size = 65536;
		} else {
			/* NOTE(review): unlike the port branch below, min and
			 * max are not swapped when inverted. range_size is an
			 * unsigned int, so max < min - 1 wraps to a very large
			 * value, and the ids written at find_free_id are then
			 * no longer confined to the configured range. Confirm
			 * the range is validated before it reaches this point.
			 */
			min = ntohs(range->min_proto.icmp.id);
			range_size = ntohs(range->max_proto.icmp.id) -
				     ntohs(range->min_proto.icmp.id) + 1;
		}
		goto find_free_id;
#if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
	case IPPROTO_GRE:
		/* If there is no master conntrack we are not PPTP,
		   do not change tuples */
		if (!ct->master)
			return;

		if (maniptype == NF_NAT_MANIP_SRC)
			keyptr = &tuple->src.u.gre.key;
		else
			keyptr = &tuple->dst.u.gre.key;

		if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
			min = 1;
			range_size = 65535;
		} else {
			/* NOTE(review): same as the ICMP case, an inverted
			 * min/max pair is not corrected here.
			 */
			min = ntohs(range->min_proto.gre.key);
			range_size = ntohs(range->max_proto.gre.key) - min + 1;
		}
		goto find_free_id;
#endif
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE:
	case IPPROTO_TCP:
	case IPPROTO_SCTP:
	case IPPROTO_DCCP:
		if (maniptype == NF_NAT_MANIP_SRC)
			keyptr = &tuple->src.u.all;
		else
			keyptr = &tuple->dst.u.all;

		break;
	default:
		/* Any other protocol number: leave the tuple untouched. */
		return;
	}

	/* If no range specified... */
	if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
		/* If it's dst rewrite, can't change port */
		if (maniptype == NF_NAT_MANIP_DST)
			return;

		/* Keep the new port in the same class as the original one:
		 * 1-511, 600-1023 or 1024-65535.
		 */
		if (ntohs(*keyptr) < 1024) {
			/* Loose convention: >> 512 is credential passing */
			if (ntohs(*keyptr) < 512) {
				min = 1;
				range_size = 511 - min + 1;
			} else {
				min = 600;
				range_size = 1023 - min + 1;
			}
		} else {
			min = 1024;
			range_size = 65535 - 1024 + 1;
		}
	} else {
		min = ntohs(range->min_proto.all);
		max = ntohs(range->max_proto.all);
		/* An inverted range is normalised, so range_size is >= 1. */
		if (unlikely(max < min))
			swap(max, min);
		range_size = max - min + 1;
	}

find_free_id:
	/* With NF_NAT_RANGE_PROTO_OFFSET the starting offset is the distance
	 * of the current key from base_proto.all; otherwise it is random.
	 * off is u16, so only the low 16 bits of prandom_u32() are kept.
	 * NOTE(review): prandom_u32() is not a cryptographic generator;
	 * confirm that is acceptable for how predictable the selected
	 * port/id may be to a remote peer.
	 */
	if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
		off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
	else
		off = prandom_u32();

	/* Probe at most max_attempts candidates in the first round. */
	attempts = range_size;
	if (attempts > max_attempts)
		attempts = max_attempts;

	/* We are in softirq; doing a search of the entire range risks
	 * soft lockup when all tuples are already used.
	 *
	 * If we can't find any free port from first offset, pick a new
	 * one and try again, with ever smaller search window.
	 */
another_round:
	/* When range_size is 0 (ICMP/GRE with max == min - 1), attempts is
	 * also 0, the loop body never runs and the modulo below is never
	 * evaluated.
	 */
	for (i = 0; i < attempts; i++, off++) {
		/* Candidate is min plus the offset folded into the range;
		 * htons() takes a 16-bit value.
		 */
		*keyptr = htons(min + off % range_size);
		if (!nf_nat_used_tuple(tuple, ct))
			return;
	}

	/* Give up once the whole range was covered in one round or the
	 * window just searched was smaller than 16; the last candidate
	 * stays in *keyptr.
	 */
	if (attempts >= range_size || attempts < 16)
		return;
	attempts /= 2;
	/* Retry rounds always restart from a random offset, also when
	 * NF_NAT_RANGE_PROTO_OFFSET is set.
	 */
	off = prandom_u32();
	goto another_round;
}

/* --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx */
Attachment:
.config.gz
Description: application/gzip