Re: [PATCH nf-next] netfilter: Add native tproxy support for nf_tables

[kbuild test robot]

Hi Máté,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on nf-next/master]

url:    
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-Add-native-tproxy-support-for-nf_tables/20180620-222749
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: ia64-allmodconfig (attached as .config)
compiler: ia64-linux-gcc (GCC) 8.1.0
reproduce:
        wget 
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O 
~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        GCC_VERSION=8.1.0 make.cross ARCH=ia64 

All errors (new ones prefixed by >>):

   net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v4':
>> net/netfilter/nft_tproxy.c:65:3: error: implicit declaration of function 
>> 'nf_tproxy_assign_sock'; did you mean 'nf_tproxy_get_sock_v6'? 
>> [-Werror=implicit-function-declaration]
      nf_tproxy_assign_sock(skb, sk);
      ^~~~~~~~~~~~~~~~~~~~~
      nf_tproxy_get_sock_v6
   cc1: some warnings being treated as errors

vim +65 net/netfilter/nft_tproxy.c

    16  
    17  static void nft_tproxy_eval_v4(const struct nft_expr *expr,
    18                              struct nft_regs *regs,
    19                              const struct nft_pktinfo *pkt)
    20  {
    21          const struct nft_tproxy *priv = nft_expr_priv(expr);
    22          struct sk_buff *skb = pkt->skb;
    23          struct sock *sk = skb->sk;
    24          const struct iphdr *iph = ip_hdr(skb);
    25          struct udphdr _hdr, *hp;
    26          __be32 taddr = 0;
    27          __be16 tport = 0;
    28  
    29          hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr), 
&_hdr);
    30          if (!hp)
    31                  regs->verdict.code = NFT_BREAK;
    32  
    33          /* check if there's an ongoing connection on the packet
    34           * addresses, this happens if the redirect already happened
    35           * and the current packet belongs to an already established
    36           * connection */
    37          sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
    38                                     iph->saddr, iph->daddr,
    39                                     hp->source, hp->dest,
    40                                     skb->dev, 
NF_TPROXY_LOOKUP_ESTABLISHED);
    41  
    42          if (priv->sreg_addr)
    43                  taddr = regs->data[priv->sreg_addr];
    44          taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr);
    45  
    46          if (priv->sreg_port) {
    47                  tport = regs->data[priv->sreg_port];
    48          }
    49          if (!tport)
    50                  tport = hp->dest;
    51  
    52          /* UDP has no TCP_TIME_WAIT state, so we never enter here */
    53          if (sk && sk->sk_state == TCP_TIME_WAIT)
    54                  /* reopening a TIME_WAIT connection needs special 
handling */
    55                  sk = nf_tproxy_handle_time_wait4(nft_net(pkt), skb, 
taddr, tport, sk);
    56          else if (!sk)
    57                  /* no, there's no established connection, check if
    58                   * there's a listener on the redirected addr/port */
    59                  sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, 
iph->protocol,
    60                                             iph->saddr, taddr,
    61                                             hp->source, tport,
    62                                             skb->dev, 
NF_TPROXY_LOOKUP_LISTENER);
    63  
    64          if (sk && nf_tproxy_sk_is_transparent(sk)) {
  > 65                  nf_tproxy_assign_sock(skb, sk);
    66          }
    67  }
    68  

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

.config.gz
Description: application/gzip