Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next (9a255a06) · Commits · EulixOS / Software / Kernel

include/net/netfilter/ipv6/nf_conntrack_ipv6.h

+0 −3

Original line number	Diff line number	Diff line
		@@ -4,7 +4,4 @@

		extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6;

		#include <linux/sysctl.h>
		extern struct ctl_table nf_ct_ipv6_sysctl_table[];

		#endif /* _NF_CONNTRACK_IPV6_H*/

include/net/netfilter/nf_flow_table.h

+7 −7

Original line number	Diff line number	Diff line
		@@ -86,8 +86,8 @@ static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable)
		enum flow_offload_tuple_dir {
		FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
		FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
		FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
		};
		#define FLOW_OFFLOAD_DIR_MAX IP_CT_DIR_MAX

		struct flow_offload_tuple {
		union {
		@@ -229,10 +229,10 @@ void nf_flow_table_free(struct nf_flowtable *flow_table);

		void flow_offload_teardown(struct flow_offload *flow);

		int nf_flow_snat_port(const struct flow_offload *flow,
		void nf_flow_snat_port(const struct flow_offload *flow,
		struct sk_buff *skb, unsigned int thoff,
		u8 protocol, enum flow_offload_tuple_dir dir);
		int nf_flow_dnat_port(const struct flow_offload *flow,
		void nf_flow_dnat_port(const struct flow_offload *flow,
		struct sk_buff *skb, unsigned int thoff,
		u8 protocol, enum flow_offload_tuple_dir dir);

include/net/netfilter/nf_tables.h

+6 −3

Original line number	Diff line number	Diff line
		@@ -1498,13 +1498,16 @@ struct nft_trans_chain {

		struct nft_trans_table {
		bool update;
		bool enable;
		u8 state;
		u32 flags;
		};

		#define nft_trans_table_update(trans) \
		(((struct nft_trans_table *)trans->data)->update)
		#define nft_trans_table_enable(trans) \
		(((struct nft_trans_table *)trans->data)->enable)
		#define nft_trans_table_state(trans) \
		(((struct nft_trans_table *)trans->data)->state)
		#define nft_trans_table_flags(trans) \
		(((struct nft_trans_table *)trans->data)->flags)

		struct nft_trans_elem {
		struct nft_set *set;

net/netfilter/nf_conntrack_proto_dccp.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -397,6 +397,7 @@ dccp_new(struct nf_conn ct, const struct sk_buff skb,
		msg = "not picking up existing connection ";
		goto out_invalid;
		}
		break;
		case CT_DCCP_REQUEST:
		break;
		case CT_DCCP_INVALID:

net/netfilter/nf_flow_table_core.c

+16 −41

Original line number	Diff line number	Diff line
		@@ -389,29 +389,20 @@ static void nf_flow_offload_work_gc(struct work_struct *work)
		queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ);
		}


		static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff,
		static void nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff,
		__be16 port, __be16 new_port)
		{
		struct tcphdr *tcph;

		if (skb_try_make_writable(skb, thoff + sizeof(*tcph)))
		return -1;

		tcph = (void *)(skb_network_header(skb) + thoff);
		inet_proto_csum_replace2(&tcph->check, skb, port, new_port, false);

		return 0;
		}

		static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff,
		static void nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff,
		__be16 port, __be16 new_port)
		{
		struct udphdr *udph;

		if (skb_try_make_writable(skb, thoff + sizeof(*udph)))
		return -1;

		udph = (void *)(skb_network_header(skb) + thoff);
		if (udph->check \|\| skb->ip_summed == CHECKSUM_PARTIAL) {
		inet_proto_csum_replace2(&udph->check, skb, port,
		@@ -419,37 +410,28 @@ static int nf_flow_nat_port_udp(struct sk_buff *skb, unsigned int thoff,
		if (!udph->check)
		udph->check = CSUM_MANGLED_0;
		}

		return 0;
		}

		static int nf_flow_nat_port(struct sk_buff *skb, unsigned int thoff,
		static void nf_flow_nat_port(struct sk_buff *skb, unsigned int thoff,
		u8 protocol, __be16 port, __be16 new_port)
		{
		switch (protocol) {
		case IPPROTO_TCP:
		if (nf_flow_nat_port_tcp(skb, thoff, port, new_port) < 0)
		return NF_DROP;
		nf_flow_nat_port_tcp(skb, thoff, port, new_port);
		break;
		case IPPROTO_UDP:
		if (nf_flow_nat_port_udp(skb, thoff, port, new_port) < 0)
		return NF_DROP;
		nf_flow_nat_port_udp(skb, thoff, port, new_port);
		break;
		}

		return 0;
		}

		int nf_flow_snat_port(const struct flow_offload *flow,
		void nf_flow_snat_port(const struct flow_offload *flow,
		struct sk_buff *skb, unsigned int thoff,
		u8 protocol, enum flow_offload_tuple_dir dir)
		{
		struct flow_ports *hdr;
		__be16 port, new_port;

		if (skb_try_make_writable(skb, thoff + sizeof(*hdr)))
		return -1;

		hdr = (void *)(skb_network_header(skb) + thoff);

		switch (dir) {
		@@ -463,24 +445,19 @@ int nf_flow_snat_port(const struct flow_offload *flow,
		new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.src_port;
		hdr->dest = new_port;
		break;
		default:
		return -1;
		}

		return nf_flow_nat_port(skb, thoff, protocol, port, new_port);
		nf_flow_nat_port(skb, thoff, protocol, port, new_port);
		}
		EXPORT_SYMBOL_GPL(nf_flow_snat_port);

		int nf_flow_dnat_port(const struct flow_offload *flow,
		struct sk_buff *skb, unsigned int thoff,
		u8 protocol, enum flow_offload_tuple_dir dir)
		void nf_flow_dnat_port(const struct flow_offload flow, struct sk_buff skb,
		unsigned int thoff, u8 protocol,
		enum flow_offload_tuple_dir dir)
		{
		struct flow_ports *hdr;
		__be16 port, new_port;

		if (skb_try_make_writable(skb, thoff + sizeof(*hdr)))
		return -1;

		hdr = (void *)(skb_network_header(skb) + thoff);

		switch (dir) {
		@@ -494,11 +471,9 @@ int nf_flow_dnat_port(const struct flow_offload *flow,
		new_port = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.dst_port;
		hdr->source = new_port;
		break;
		default:
		return -1;
		}

		return nf_flow_nat_port(skb, thoff, protocol, port, new_port);
		nf_flow_nat_port(skb, thoff, protocol, port, new_port);
		}
		EXPORT_SYMBOL_GPL(nf_flow_dnat_port);