Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next (805cb5aa) · Commits · EulixOS / Software / Kernel

include/net/netfilter/nf_conntrack_count.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -10,6 +10,7 @@ struct nf_conncount_data;

		struct nf_conncount_list {
		spinlock_t list_lock;
		u32 last_gc; /* jiffies at most recent gc */
		struct list_head head; /* connections with the same filtering key */
		unsigned int count; /* length of list */
		};

+1 −2

Original line number	Diff line number	Diff line
		@@ -45,8 +45,7 @@ int ip_route_me_harder(struct net net, struct sock sk, struct sk_buff *skb, un
		fl4.saddr = saddr;
		fl4.flowi4_tos = RT_TOS(iph->tos);
		fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0;
		if (!fl4.flowi4_oif)
		fl4.flowi4_oif = l3mdev_master_ifindex(dev);
		fl4.flowi4_l3mdev = l3mdev_master_ifindex(dev);
		fl4.flowi4_mark = skb->mark;
		fl4.flowi4_flags = flags;
		fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys);

+1 −2

Original line number	Diff line number	Diff line
		@@ -31,6 +31,7 @@ int ip6_route_me_harder(struct net net, struct sock sk_partial, struct sk_buff
		int strict = (ipv6_addr_type(&iph->daddr) &
		(IPV6_ADDR_MULTICAST \| IPV6_ADDR_LINKLOCAL));
		struct flowi6 fl6 = {
		.flowi6_l3mdev = l3mdev_master_ifindex(dev),
		.flowi6_mark = skb->mark,
		.flowi6_uid = sock_net_uid(net, sk),
		.daddr = iph->daddr,
		@@ -42,8 +43,6 @@ int ip6_route_me_harder(struct net net, struct sock sk_partial, struct sk_buff
		fl6.flowi6_oif = sk->sk_bound_dev_if;
		else if (strict)
		fl6.flowi6_oif = dev->ifindex;
		else
		fl6.flowi6_oif = l3mdev_master_ifindex(dev);

		fib6_rules_early_flow_dissect(net, skb, &fl6, &flkeys);
		dst = ip6_route_output(net, sk, &fl6);

+11 −0

Original line number	Diff line number	Diff line
		@@ -132,6 +132,9 @@ static int __nf_conncount_add(struct net *net,
		struct nf_conn *found_ct;
		unsigned int collect = 0;

		if (time_is_after_eq_jiffies((unsigned long)list->last_gc))
		goto add_new_node;

		/* check the saved connections */
		list_for_each_entry_safe(conn, conn_n, &list->head, node) {
		if (collect > CONNCOUNT_GC_MAX_NODES)
		@@ -177,6 +180,7 @@ static int __nf_conncount_add(struct net *net,
		nf_ct_put(found_ct);
		}

		add_new_node:
		if (WARN_ON_ONCE(list->count > INT_MAX))
		return -EOVERFLOW;

		@@ -190,6 +194,7 @@ static int __nf_conncount_add(struct net *net,
		conn->jiffies32 = (u32)jiffies;
		list_add_tail(&conn->node, &list->head);
		list->count++;
		list->last_gc = (u32)jiffies;
		return 0;
		}

		@@ -214,6 +219,7 @@ void nf_conncount_list_init(struct nf_conncount_list *list)
		spin_lock_init(&list->list_lock);
		INIT_LIST_HEAD(&list->head);
		list->count = 0;
		list->last_gc = (u32)jiffies;
		}
		EXPORT_SYMBOL_GPL(nf_conncount_list_init);

		@@ -227,6 +233,10 @@ bool nf_conncount_gc_list(struct net *net,
		unsigned int collected = 0;
		bool ret = false;

		/* don't bother if we just did GC */
		if (time_is_after_eq_jiffies((unsigned long)READ_ONCE(list->last_gc)))
		return false;

		/* don't bother if other cpu is already doing GC */
		if (!spin_trylock(&list->list_lock))
		return false;
		@@ -258,6 +268,7 @@ bool nf_conncount_gc_list(struct net *net,

		if (!list->count)
		ret = true;
		list->last_gc = (u32)jiffies;
		spin_unlock(&list->list_lock);

		return ret;

+2 −0

Original line number	Diff line number	Diff line
		@@ -1714,6 +1714,7 @@ static int ctnetlink_done_list(struct netlink_callback *cb)
		return 0;
		}

		#ifdef CONFIG_NF_CONNTRACK_EVENTS
		static int ctnetlink_dump_one_entry(struct sk_buff *skb,
		struct netlink_callback *cb,
		struct nf_conn *ct,
		@@ -1754,6 +1755,7 @@ static int ctnetlink_dump_one_entry(struct sk_buff *skb,

		return res;
		}
		#endif

		static int
		ctnetlink_dump_unconfirmed(struct sk_buff skb, struct netlink_callback cb)