Commit 7ae9888d authored by Jakub Kicinski's avatar Jakub Kicinski
Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

1) Fix NAT IPv6 flowtable hardware offload, from Qingfang DENG.

2) Add a safety check to the IPVS socket option interface that reports a
   warning if an unsupported command is seen. From Li Qiong.

3) Document SCTP conntrack timeouts, from Sriram Yagnaraman.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: conntrack: document sctp timeouts
  ipvs: add a 'default' case in do_ip_vs_set_ctl()
  netfilter: flowtable: really fix NAT IPv6 offload
====================

Link: https://lore.kernel.org/r/20221213140923.154594-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 2d4ee16d f9645abe
+33 −0
@@ -163,6 +163,39 @@ nf_conntrack_timestamp - BOOLEAN

	Enable connection tracking flow timestamping.

nf_conntrack_sctp_timeout_closed - INTEGER (seconds)
	default 10

nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)
	default 3

nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)
	default 3

nf_conntrack_sctp_timeout_established - INTEGER (seconds)
	default 432000 (5 days)

nf_conntrack_sctp_timeout_shutdown_sent - INTEGER (seconds)
	default 0.3

nf_conntrack_sctp_timeout_shutdown_recd - INTEGER (seconds)
	default 0.3

nf_conntrack_sctp_timeout_shutdown_ack_sent - INTEGER (seconds)
	default 3

nf_conntrack_sctp_timeout_heartbeat_sent - INTEGER (seconds)
	default 30

	This timeout is used to setup conntrack entry on secondary paths.
	Default is set to hb_interval.

nf_conntrack_sctp_timeout_heartbeat_acked - INTEGER (seconds)
	default 210

	This timeout is used to setup conntrack entry on secondary paths.
	Default is set to (hb_interval * path_max_retrans + rto_max)

nf_conntrack_udp_timeout - INTEGER (seconds)
	default 30

+5 −0
@@ -2841,6 +2841,11 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, sockptr_t ptr, unsigned int len)
		break;
	case IP_VS_SO_SET_DELDEST:
		ret = ip_vs_del_dest(svc, &udest);
		break;
	default:
		WARN_ON_ONCE(1);
		ret = -EINVAL;
		break;
	}

  out_unlock:
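Review bot: The `WARN_ON_ONCE(1)` in the new `default:` arm is selected by `cmd`, a value supplied through the socket-option call, so it is only appropriate if every command that can reach this switch has already been rejected earlier in do_ip_vs_set_ctl(); that validation, if present, lies outside the hunk. If an unlisted command can get here, the caller controls whether the warning fires, and on hosts running with `panic_on_warn` set that means a crash instead of a log line. I would state the invariant next to it, for example `/* not reached: cmd is validated before the switch */`, or keep only `ret = -EINVAL;` if that cannot be guaranteed. The function body starts before and continues after the hunk.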
+3 −3
@@ -383,12 +383,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule,
				     const __be32 *addr, const __be32 *mask)
{
	struct flow_action_entry *entry;
	int i, j;
	int i;

	for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) {
	for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i++) {
		entry = flow_action_entry_next(flow_rule);
		flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6,
				    offset + i, &addr[j], mask);
				    offset + i * sizeof(u32), &addr[i], mask);
	}
}
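Review bot: The loop in flow_offload_ipv6_mangle() leaves the units implicit on its new side: `i` is an index of 32-bit words, `offset + i * sizeof(u32)` is a byte offset into the header, and `mask` is passed unindexed for every word. A short comment above the loop would keep the two from being mixed again, e.g. `/* one mangle entry per 32-bit word: i indexes words, the header offset is in bytes */`, and should say whether `mask` is a single 32-bit mask reused for all four words, which the hunk suggests but the callers are not visible here. Since `i` is compared against a `sizeof` expression, `unsigned int i;` would also avoid the signed/unsigned comparison.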