Commit 45230829 authored by Jakub Kicinski's avatar Jakub Kicinski
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

1) Conntrack sets CHECKSUM_UNNECESSARY on UDP packets with no checksum,
   from Kevin Mitchell.

2) skb->priority support for nfqueue, from Nicolas Dichtel.

3) Remove conntrack extension register API, from Florian Westphal.

4) Move nat destroy hook to nf_nat_hook instead, to remove
   nf_ct_ext_destroy(), also from Florian.

5) Wrap pptp conntrack NAT hooks into single structure, from Florian Westphal.

6) Support for tcp option set to noop for nf_tables, also from Florian.

7) Do not run x_tables comment match from packet path in nf_tables,
   from Florian Westphal.

8) Replace spinlock by cmpxchg() loop to update missed ct event,
   from Florian Westphal.

9) Wrap cttimeout hooks into single structure, from Florian.

10) Add fast nft_cmp expression for up to 16-bytes.

11) Use cb->ctx to store context in ctnetlink dump, instead of using
    cb->args[], from Florian Westphal.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: ctnetlink: use dump structure instead of raw args
  nfqueue: enable to set skb->priority
  netfilter: nft_cmp: optimize comparison for 16-bytes
  netfilter: cttimeout: use option structure
  netfilter: ecache: don't use nf_conn spinlock
  netfilter: nft_compat: suppress comment match
  netfilter: exthdr: add support for tcp option removal
  netfilter: conntrack: pptp: use single option structure
  netfilter: conntrack: remove extension register api
  netfilter: conntrack: handle ->destroy hook via nat_ops instead
  netfilter: conntrack: move extension sizes into core
  netfilter: conntrack: make all extensions 8-byte alignned
  netfilter: nfqueue: enable to get skb->priority
  netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY
====================

Link: https://lore.kernel.org/r/20220209133616.165104-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 4f9bf2a2 5948ed29
+1 −0
@@ -379,6 +379,7 @@ struct nf_nat_hook {
	unsigned int (*manip_pkt)(struct sk_buff *skb, struct nf_conn *ct,
				  enum nf_nat_manip_type mtype,
				  enum ip_conntrack_dir dir);
	void (*remove_nat_bysrc)(struct nf_conn *ct);
};

extern const struct nf_nat_hook __rcu *nf_nat_hook;
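Review bot: The new `remove_nat_bysrc` member of `struct nf_nat_hook` carries no comment on when it is invoked or what it must do, and since the neighbouring members are equally undocumented a reader of this header cannot tell that it appears to stand in for the nat extension ->destroy callback that item 4 of the description says is being removed. A one-line comment such as `/* called when a conntrack is destroyed; replaces the former nat extension ->destroy hook -- confirm call site in nf_nat core */` would make the contract visible at the declaration. The definition of `struct nf_nat_hook` starts before this hunk, so the comment placement on the other members is out of view.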
+17 −21
@@ -300,26 +300,22 @@ union pptp_ctrl_union {
	struct PptpSetLinkInfo		setlink;
};

extern int
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
struct nf_nat_pptp_hook {
	int (*outbound)(struct sk_buff *skb,
			struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			unsigned int protoff,
			struct PptpControlHeader *ctlh,
			union pptp_ctrl_union *pptpReq);

extern int
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
	int (*inbound)(struct sk_buff *skb,
		       struct nf_conn *ct, enum ip_conntrack_info ctinfo,
		       unsigned int protoff,
		       struct PptpControlHeader *ctlh,
		       union pptp_ctrl_union *pptpReq);

extern void
(*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *exp_orig,
	void (*exp_gre)(struct nf_conntrack_expect *exp_orig,
			struct nf_conntrack_expect *exp_reply);

extern void
(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
	void (*expectfn)(struct nf_conn *ct,
			 struct nf_conntrack_expect *exp);
};

extern const struct nf_nat_pptp_hook __rcu *nf_nat_pptp_hook;
#endif /* _NF_CONNTRACK_PPTP_H */
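Review bot: `struct nf_nat_pptp_hook` and the `nf_nat_pptp_hook` pointer are introduced without any comment on their access contract, even though the `__rcu` annotation on the pointer means callers must dereference it under `rcu_read_lock()` and, presumably, cope with a NULL pointer while whichever module publishes it is not loaded. A short kernel-doc block above the struct stating that the pointer is read under RCU, that it may be NULL, and what each of `outbound`, `inbound`, `exp_gre` and `expectfn` is expected to do would save every caller from rediscovering this; the four separate extern declarations this replaces at least carried self-describing names. The struct definition is complete within this hunk; the consumers are not visible here, so the NULL-pointer expectation is inferred from the `__rcu` usage rather than from code on the page.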
+0 −1
@@ -78,7 +78,6 @@ static inline void nf_ct_acct_update(struct nf_conn *ct, u32 dir,

void nf_conntrack_acct_pernet_init(struct net *net);

int nf_conntrack_acct_init(void);
void nf_conntrack_acct_fini(void);

#endif /* _NF_CONNTRACK_ACCT_H */
+1 −14
@@ -21,10 +21,10 @@ enum nf_ct_ecache_state {

struct nf_conntrack_ecache {
	unsigned long cache;		/* bitops want long */
	u16 missed;			/* missed events */
	u16 ctmask;			/* bitmask of ct events to be delivered */
	u16 expmask;			/* bitmask of expect events to be delivered */
	enum nf_ct_ecache_state state:8;/* ecache state */
	u32 missed;			/* missed events */
	u32 portid;			/* netlink portid of destroyer */
};

@@ -166,9 +166,6 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state);
void nf_conntrack_ecache_pernet_init(struct net *net);
void nf_conntrack_ecache_pernet_fini(struct net *net);

int nf_conntrack_ecache_init(void);
void nf_conntrack_ecache_fini(void);

static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net)
{
	return net->ct.ecache_dwork_pending;
@@ -194,16 +191,6 @@ static inline void nf_conntrack_ecache_pernet_init(struct net *net)
static inline void nf_conntrack_ecache_pernet_fini(struct net *net)
{
}

static inline int nf_conntrack_ecache_init(void)
{
	return 0;
}

static inline void nf_conntrack_ecache_fini(void)
{
}

static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net) { return false; }
#endif /* CONFIG_NF_CONNTRACK_EVENTS */
#endif /*_NF_CONNTRACK_ECACHE_H*/
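Review bot: In the first hunk the `missed` field of `struct nf_conntrack_ecache` appears to change from `u16` to `u32` and to move after `state:8`, yet its comment still reads only `/* missed events */`, so nothing in the header says why the width matters. Item 8 of the description says the spinlock was replaced by a cmpxchg() loop, so a comment such as `u32 missed;			/* missed events; u32 so it can be updated with cmpxchg() without the ct lock */` would record the constraint and deter a later "shrink it back" cleanup. The remaining two hunks only drop the `nf_conntrack_ecache_init`/`nf_conntrack_ecache_fini` declarations and their stubs and raise nothing further.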
+1 −17
@@ -49,7 +49,7 @@ enum nf_ct_ext_id {
struct nf_ct_ext {
	u8 offset[NF_CT_EXT_NUM];
	u8 len;
	char data[];
	char data[] __aligned(8);
};

static inline bool __nf_ct_ext_exist(const struct nf_ct_ext *ext, u8 id)
@@ -72,23 +72,7 @@ static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
#define nf_ct_ext_find(ext, id)	\
	((id##_TYPE *)__nf_ct_ext_find((ext), (id)))

/* Destroy all relationships */
void nf_ct_ext_destroy(struct nf_conn *ct);

/* Add this type, returns pointer to data or NULL. */
void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);

struct nf_ct_ext_type {
	/* Destroys relationships (can be NULL). */
	void (*destroy)(struct nf_conn *ct);

	enum nf_ct_ext_id id;

	/* Length and min alignment. */
	u8 len;
	u8 align;
};

int nf_ct_extend_register(const struct nf_ct_ext_type *type);
void nf_ct_extend_unregister(const struct nf_ct_ext_type *type);
#endif /* _NF_CONNTRACK_EXTEND_H */
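Review bot: `char data[] __aligned(8);` in `struct nf_ct_ext` is added without a comment, so the header no longer explains that extension payloads now start at 8-byte aligned offsets, which is the whole point of the "make all extensions 8-byte alignned" change in the list. A comment on that line such as `/* every extension is placed at an 8-byte aligned offset within data[] */` would document it. Because `offset[]` and `len` remain `u8`, any alignment padding counts against a 255-byte budget; if the per-extension sizes now live in the core as the description says, a BUILD_BUG_ON there that the padded total stays below 256 would protect these fields, but that code is outside this hunk and I cannot confirm whether such a check exists. The second hunk only removes the `nf_ct_ext_type` registration API and `nf_ct_ext_destroy()`, leaving `nf_ct_ext_add()` as the sole entry point.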