Hi Pablo, I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180517] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180518-093914 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm64-defconfig (attached as .config) compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm64 All errors (new ones prefixed by >>): net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update': >> net//netfilter/nf_conntrack_core.c:1656:36: error: 'struct nf_conn' has no >> member named 'zone' h = nf_conntrack_find_get(net, &ct->zone, &tuple); ^~ vim +1656 net//netfilter/nf_conntrack_core.c 1609 1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb) 1611 { 1612 const struct nf_conntrack_l3proto *l3proto; 1613 const struct nf_conntrack_l4proto *l4proto; 1614 struct nf_conntrack_tuple_hash *h; 1615 struct nf_conntrack_tuple tuple; 1616 enum ip_conntrack_info ctinfo; 1617 struct nf_nat_hook *nat_hook; 1618 unsigned int dataoff, status; 1619 struct nf_conn *ct; 1620 u16 l3num; 1621 u8 l4num; 1622 1623 ct = nf_ct_get(skb, &ctinfo); 1624 if (!ct || nf_ct_is_confirmed(ct)) 1625 return 0; 1626 1627 l3num = nf_ct_l3num(ct); 1628 l3proto = nf_ct_l3proto_find_get(l3num); 1629 1630 if (l3proto->get_l4proto(skb, skb_network_offset(skb), &dataoff, 1631 &l4num) <= 0) 1632 return -1; 1633 1634 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1635 1636 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, 1637 l4num, net, &tuple, l3proto, l4proto)) 1638 return -1; 1639 1640 if (ct->status & IPS_SRC_NAT) { 1641 memcpy(tuple.src.u3.all, 1642 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all, 1643 sizeof(tuple.src.u3.all)); 1644 tuple.src.u.all = 1645 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all; 1646 } 1647 1648 if (ct->status & IPS_DST_NAT) { 1649 memcpy(tuple.dst.u3.all, 1650 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all, 1651 sizeof(tuple.dst.u3.all)); 1652 tuple.dst.u.all = 1653 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all; 1654 } 1655 > 1656 h = nf_conntrack_find_get(net, &ct->zone, &tuple); 1657 if (!h) 1658 return 0; 1659 1660 /* Store status bits of the conntrack that is clashing to re-do NAT 1661 * mangling according to what it has been done already to this packet. 1662 */ 1663 status = ct->status; 1664 1665 nf_ct_put(ct); 1666 ct = nf_ct_tuplehash_to_ctrack(h); 1667 nf_ct_set(skb, ct, ctinfo); 1668 1669 nat_hook = rcu_dereference(nf_nat_hook); 1670 if (!nat_hook) 1671 return 0; 1672 1673 if (status & IPS_SRC_NAT && 1674 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC, 1675 IP_CT_DIR_ORIGINAL) == NF_DROP) 1676 return -1; 1677 1678 if (status & IPS_DST_NAT && 1679 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST, 1680 IP_CT_DIR_ORIGINAL) == NF_DROP) 1681 return -1; 1682 1683 return 0; 1684 } 1685 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
