Merge branch 'main' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (775c73df) · Commits · EulixOS / Software / Kernel

include/net/netfilter/nf_tproxy.h

+7 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,13 @@ static inline bool nf_tproxy_sk_is_transparent(struct sock *sk)
		return false;
		}

		static inline void nf_tproxy_twsk_deschedule_put(struct inet_timewait_sock *tw)
		{
		local_bh_disable();
		inet_twsk_deschedule_put(tw);
		local_bh_enable();
		}

		/* assign a socket to the skb -- consumes sk */
		static inline void nf_tproxy_assign_sock(struct sk_buff skb, struct sock sk)
		{

net/ipv4/netfilter/nf_tproxy_ipv4.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -38,7 +38,7 @@ nf_tproxy_handle_time_wait4(struct net net, struct sk_buff skb,
		hp->source, lport ? lport : hp->dest,
		skb->dev, NF_TPROXY_LOOKUP_LISTENER);
		if (sk2) {
		inet_twsk_deschedule_put(inet_twsk(sk));
		nf_tproxy_twsk_deschedule_put(inet_twsk(sk));
		sk = sk2;
		}
		}

net/ipv6/netfilter/nf_tproxy_ipv6.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -63,7 +63,7 @@ nf_tproxy_handle_time_wait6(struct sk_buff *skb, int tproto, int thoff,
		lport ? lport : hp->dest,
		skb->dev, NF_TPROXY_LOOKUP_LISTENER);
		if (sk2) {
		inet_twsk_deschedule_put(inet_twsk(sk));
		nf_tproxy_twsk_deschedule_put(inet_twsk(sk));
		sk = sk2;
		}
		}

net/netfilter/nf_conntrack_core.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -96,8 +96,8 @@ static DEFINE_MUTEX(nf_conntrack_mutex);
		#define GC_SCAN_MAX_DURATION msecs_to_jiffies(10)
		#define GC_SCAN_EXPIRED_MAX (64000u / HZ)

		#define MIN_CHAINLEN 8u
		#define MAX_CHAINLEN (32u - MIN_CHAINLEN)
		#define MIN_CHAINLEN 50u
		#define MAX_CHAINLEN (80u - MIN_CHAINLEN)

		static struct conntrack_gc_work conntrack_gc_work;

net/netfilter/nf_conntrack_netlink.c

+7 −7

Original line number	Diff line number	Diff line
		@@ -328,11 +328,12 @@ ctnetlink_dump_timestamp(struct sk_buff skb, const struct nf_conn ct)
		}

		#ifdef CONFIG_NF_CONNTRACK_MARK
		static int ctnetlink_dump_mark(struct sk_buff skb, const struct nf_conn ct)
		static int ctnetlink_dump_mark(struct sk_buff skb, const struct nf_conn ct,
		bool dump)
		{
		u32 mark = READ_ONCE(ct->mark);

		if (!mark)
		if (!mark && !dump)
		return 0;

		if (nla_put_be32(skb, CTA_MARK, htonl(mark)))
		@@ -343,7 +344,7 @@ static int ctnetlink_dump_mark(struct sk_buff skb, const struct nf_conn ct)
		return -1;
		}
		#else
		#define ctnetlink_dump_mark(a, b) (0)
		#define ctnetlink_dump_mark(a, b, c) (0)
		#endif

		#ifdef CONFIG_NF_CONNTRACK_SECMARK
		@@ -548,7 +549,7 @@ static int ctnetlink_dump_extinfo(struct sk_buff *skb,
		static int ctnetlink_dump_info(struct sk_buff skb, struct nf_conn ct)
		{
		if (ctnetlink_dump_status(skb, ct) < 0 \|\|
		ctnetlink_dump_mark(skb, ct) < 0 \|\|
		ctnetlink_dump_mark(skb, ct, true) < 0 \|\|
		ctnetlink_dump_secctx(skb, ct) < 0 \|\|
		ctnetlink_dump_id(skb, ct) < 0 \|\|
		ctnetlink_dump_use(skb, ct) < 0 \|\|
		@@ -831,8 +832,7 @@ ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
		}

		#ifdef CONFIG_NF_CONNTRACK_MARK
		if (events & (1 << IPCT_MARK) &&
		ctnetlink_dump_mark(skb, ct) < 0)
		if (ctnetlink_dump_mark(skb, ct, events & (1 << IPCT_MARK)))
		goto nla_put_failure;
		#endif
		nlmsg_end(skb, nlh);
		@@ -2735,7 +2735,7 @@ static int __ctnetlink_glue_build(struct sk_buff skb, struct nf_conn ct)
		goto nla_put_failure;

		#ifdef CONFIG_NF_CONNTRACK_MARK
		if (ctnetlink_dump_mark(skb, ct) < 0)
		if (ctnetlink_dump_mark(skb, ct, true) < 0)
		goto nla_put_failure;
		#endif
		if (ctnetlink_dump_labels(skb, ct) < 0)