Commit 602ae008 authored by Jakub Kicinski's avatar Jakub Kicinski
Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS updates for net-next:

1) Simplify nf_ct_get_tuple(), from Jackie Liu.

2) Add format to request_module() call, from Bill Wendling.

3) Add /proc/net/stats/nf_flowtable to monitor in-flight pending
   hardware offload objects to be processed, from Vlad Buslov.

4) Missing rcu annotation and accessors in the netfilter tree,
   from Florian Westphal.

5) Merge h323 conntrack helper nat hooks into single object,
   also from Florian.

6) A batch of updates to fix sparse warnings treewide,
   from Florian Westphal.

7) Move nft_cmp_fast_mask() to where it is used, from Florian.

8) Missing const in nf_nat_initialized(), from James Yonan.

9) Use bitmap API for Maglev IPVS scheduler, from Christophe Jaillet.

10) Use refcount_inc instead of _inc_not_zero in flowtable,
    from Florian Westphal.

11) Remove pr_debug in xt_TPROXY, from Nathan Chancellor.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: xt_TPROXY: remove pr_debug invocations
  netfilter: flowtable: prefer refcount_inc
  netfilter: ipvs: Use the bitmap API to allocate bitmaps
  netfilter: nf_nat: in nf_nat_initialized(), use const struct nf_conn *
  netfilter: nf_tables: move nft_cmp_fast_mask to where its used
  netfilter: nf_tables: use correct integer types
  netfilter: nf_tables: add and use BE register load-store helpers
  netfilter: nf_tables: use the correct get/put helpers
  netfilter: x_tables: use correct integer types
  netfilter: nfnetlink: add missing __be16 cast
  netfilter: nft_set_bitmap: Fix spelling mistake
  netfilter: h323: merge nat hook pointers into one
  netfilter: nf_conntrack: use rcu accessors where needed
  netfilter: nf_conntrack: add missing __rcu annotations
  netfilter: nf_flow_table: count pending offload workqueue tasks
  net/sched: act_ct: set 'net' pointer when creating new nf_flow_table
  netfilter: conntrack: use correct format characters
  netfilter: conntrack: use fallthrough to cleanup
====================

Link: https://lore.kernel.org/r/20220720230754.209053-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 47f058ce aa8c7cdb
+56 −53
@@ -38,60 +38,63 @@ void nf_conntrack_h245_expect(struct nf_conn *new,
			      struct nf_conntrack_expect *this);
void nf_conntrack_q931_expect(struct nf_conn *new,
			      struct nf_conntrack_expect *this);
extern int (*set_h245_addr_hook) (struct sk_buff *skb, unsigned int protoff,

struct nfct_h323_nat_hooks {
	int (*set_h245_addr)(struct sk_buff *skb, unsigned int protoff,
			     unsigned char **data, int dataoff,
			     H245_TransportAddress *taddr,
				  union nf_inet_addr *addr,
				  __be16 port);
extern int (*set_h225_addr_hook) (struct sk_buff *skb, unsigned int protoff,
			     union nf_inet_addr *addr, __be16 port);
	int (*set_h225_addr)(struct sk_buff *skb, unsigned int protoff,
			     unsigned char **data, int dataoff,
			     TransportAddress *taddr,
				  union nf_inet_addr *addr,
				  __be16 port);
extern int (*set_sig_addr_hook) (struct sk_buff *skb,
			     union nf_inet_addr *addr, __be16 port);
	int (*set_sig_addr)(struct sk_buff *skb,
			    struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
			    unsigned int protoff, unsigned char **data,
			    TransportAddress *taddr, int count);
extern int (*set_ras_addr_hook) (struct sk_buff *skb,
	int (*set_ras_addr)(struct sk_buff *skb,
			    struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
			    unsigned int protoff, unsigned char **data,
			    TransportAddress *taddr, int count);
extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
	int (*nat_rtp_rtcp)(struct sk_buff *skb,
			    struct nf_conn *ct,
			    enum ip_conntrack_info ctinfo,
				 unsigned int protoff, unsigned char **data,
				 int dataoff,
			    unsigned int protoff,
			    unsigned char **data, int dataoff,
			    H245_TransportAddress *taddr,
			    __be16 port, __be16 rtp_port,
			    struct nf_conntrack_expect *rtp_exp,
			    struct nf_conntrack_expect *rtcp_exp);
extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct,
	int (*nat_t120)(struct sk_buff *skb,
			struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff,
			unsigned char **data, int dataoff,
			H245_TransportAddress *taddr, __be16 port,
			struct nf_conntrack_expect *exp);
extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct,
	int (*nat_h245)(struct sk_buff *skb,
			struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff,
			unsigned char **data, int dataoff,
			TransportAddress *taddr, __be16 port,
			struct nf_conntrack_expect *exp);
extern int (*nat_callforwarding_hook) (struct sk_buff *skb,
	int (*nat_callforwarding)(struct sk_buff *skb,
				  struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int protoff,
				  unsigned char **data, int dataoff,
				       TransportAddress *taddr,
				       __be16 port,
				  TransportAddress *taddr, __be16 port,
				  struct nf_conntrack_expect *exp);
extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct,
	int (*nat_q931)(struct sk_buff *skb,
			struct nf_conn *ct,
			enum ip_conntrack_info ctinfo,
			unsigned int protoff,
			     unsigned char **data, TransportAddress *taddr,
			     int idx, __be16 port,
			     struct nf_conntrack_expect *exp);
			unsigned char **data, TransportAddress *taddr, int idx,
			__be16 port, struct nf_conntrack_expect *exp);
};
extern const struct nfct_h323_nat_hooks __rcu *nfct_h323_nat_hook;

#endif
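Review bot: The new `nfct_h323_nat_hook` declaration at the end of this section carries `__rcu` but no comment stating the reader contract, and the same applies to the `nf_nat_sip_hooks` and `nf_ct_timeout_hook` declarations annotated in the later sections. With all nine callbacks now behind one pointer, a helper should presumably load it once per packet with `rcu_dereference()` inside an RCU read-side section, check the result for NULL, and call only through that snapshot, so that unloading the NAT module cannot leave it calling through a stale pointer. The callers and the register/unregister side are outside the visible hunks, so this needs confirming there. I would add above the declaration `/* Set by the NAT module; read with rcu_dereference() under rcu_read_lock(), may be NULL. */`, plus a short kernel-doc block on `struct nfct_h323_nat_hooks` describing each callback.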
+1 −1
@@ -164,7 +164,7 @@ struct nf_nat_sip_hooks {
				  unsigned int medialen,
				  union nf_inet_addr *rtp_addr);
};
extern const struct nf_nat_sip_hooks *nf_nat_sip_hooks;
extern const struct nf_nat_sip_hooks __rcu *nf_nat_sip_hooks;

int ct_sip_parse_request(const struct nf_conn *ct, const char *dptr,
			 unsigned int datalen, unsigned int *matchoff,
+6 −0
@@ -26,6 +26,9 @@
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netns/conntrack.h>
#endif
#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
#include <net/netns/flow_table.h>
#endif
#include <net/netns/nftables.h>
#include <net/netns/xfrm.h>
#include <net/netns/mpls.h>
@@ -142,6 +145,9 @@ struct net {
#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
	struct netns_nftables	nft;
#endif
#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
	struct netns_ft ft;
#endif
#endif
#ifdef CONFIG_WEXT_CORE
	struct sk_buff_head	wext_nlevents;
+1 −1
@@ -105,7 +105,7 @@ struct nf_ct_timeout_hooks {
	void (*timeout_put)(struct nf_ct_timeout *timeout);
};

extern const struct nf_ct_timeout_hooks *nf_ct_timeout_hook;
extern const struct nf_ct_timeout_hooks __rcu *nf_ct_timeout_hook;
#endif

#endif /* _NF_CONNTRACK_TIMEOUT_H */
+21 −0
@@ -335,4 +335,25 @@ static inline __be16 nf_flow_pppoe_proto(const struct sk_buff *skb)
	return 0;
}

#define NF_FLOW_TABLE_STAT_INC(net, count) __this_cpu_inc((net)->ft.stat->count)
#define NF_FLOW_TABLE_STAT_DEC(net, count) __this_cpu_dec((net)->ft.stat->count)
#define NF_FLOW_TABLE_STAT_INC_ATOMIC(net, count)	\
	this_cpu_inc((net)->ft.stat->count)
#define NF_FLOW_TABLE_STAT_DEC_ATOMIC(net, count)	\
	this_cpu_dec((net)->ft.stat->count)

#ifdef CONFIG_NF_FLOW_TABLE_PROCFS
int nf_flow_table_init_proc(struct net *net);
void nf_flow_table_fini_proc(struct net *net);
#else
static inline int nf_flow_table_init_proc(struct net *net)
{
	return 0;
}

static inline void nf_flow_table_fini_proc(struct net *net)
{
}
#endif /* CONFIG_NF_FLOW_TABLE_PROCFS */

#endif /* _NF_FLOW_TABLE_H */
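Review bot: `NF_FLOW_TABLE_STAT_INC` and `NF_FLOW_TABLE_STAT_DEC` expand to `__this_cpu_inc()`/`__this_cpu_dec()`, which are only safe when the caller already runs with preemption disabled, and nothing in the added lines says so. A caller that picks the short name from process context (a workqueue handler, for instance) would get a racy counter, and the value exported for monitoring pending offload work would drift. I would add a comment above the four macros such as `/* INC/DEC: caller must have preemption disabled; use the _ATOMIC variants from process context. */`. The macros also dereference `(net)->ft.stat` without a check, so it is worth confirming that the per-cpu area is allocated whenever CONFIG_NF_FLOW_TABLE is enabled and not only under CONFIG_NF_FLOW_TABLE_PROCFS; the allocation is outside the visible lines.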