Re: [PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic
Hi Alin,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.20-rc4 next-20181129]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Alin-Nastac/netfilter-nf_conntrack_sip-add-sip_external_media-logic/20181130-032136
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-randconfig-a0-11300811 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/nf_conntrack_sip.o: In function `ip6_route_output':
>> include/net/ip6_route.h:88: undefined reference to `ip6_route_output_flags'
vim +88 include/net/ip6_route.h
33bd5ac54 David Ahern 2018-07-03 74
5c3a0fd7d Joe Perches 2013-09-21 75 void ip6_route_input(struct sk_buff
*skb);
d409b8476 Mahesh Bandewar 2016-09-16 76 struct dst_entry
*ip6_route_input_lookup(struct net *net,
d409b8476 Mahesh Bandewar 2016-09-16 77
struct net_device *dev,
b75cc8f90 David Ahern 2018-03-02 78
struct flowi6 *fl6,
b75cc8f90 David Ahern 2018-03-02 79
const struct sk_buff *skb, int flags);
^1da177e4 Linus Torvalds 2005-04-16 80
6f21c96a7 Paolo Abeni 2016-01-29 81 struct dst_entry
*ip6_route_output_flags(struct net *net, const struct sock *sk,
6f21c96a7 Paolo Abeni 2016-01-29 82
struct flowi6 *fl6, int flags);
6f21c96a7 Paolo Abeni 2016-01-29 83
6f21c96a7 Paolo Abeni 2016-01-29 84 static inline struct dst_entry
*ip6_route_output(struct net *net,
6f21c96a7 Paolo Abeni 2016-01-29 85
const struct sock *sk,
6f21c96a7 Paolo Abeni 2016-01-29 86
struct flowi6 *fl6)
6f21c96a7 Paolo Abeni 2016-01-29 87 {
6f21c96a7 Paolo Abeni 2016-01-29 @88return
ip6_route_output_flags(net, sk, fl6, 0);
6f21c96a7 Paolo Abeni 2016-01-29 89 }
6f21c96a7 Paolo Abeni 2016-01-29 90
:: The code at line 88 was first introduced by commit
:: 6f21c96a78b835259546d8f3fb4edff0f651d478 ipv6: enforce flowi6_oif usage
in ip6_dst_lookup_tail()
:: TO: Paolo Abeni
:: CC: David S. Miller
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic
Hi Alin, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.20-rc4 next-20181129] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Alin-Nastac/netfilter-nf_conntrack_sip-add-sip_external_media-logic/20181130-032136 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: powerpc-defconfig (attached as .config) compiler: powerpc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=7.2.0 make.cross ARCH=powerpc All errors (new ones prefixed by >>): >> ERROR: ".ip6_route_output_flags" [net/netfilter/nf_conntrack_sip.ko] >> undefined! --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf 2/2] netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-nf_-tcp-udp-sctp-icmp-dccp-icmpv6-generic-_pernet/20181102-101813
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-randconfig-n3-11020807 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from net/netfilter/nfnetlink_cttimeout.c:31:0:
include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_sctp_pernet':
include/net/netfilter/nf_conntrack_timeout.h:119:30: error: 'struct
nf_ip_net' has no member named 'sctp'; did you mean 'tcp'?
return >ct.nf_ct_proto.sctp;
^~~~
tcp
net/netfilter/nfnetlink_cttimeout.c: In function
'cttimeout_default_fill_info':
>> net/netfilter/nfnetlink_cttimeout.c:429:33: error: dereferencing pointer to
>> incomplete type 'struct nf_sctp_net'
timeouts = nf_sctp_pernet(net)->timeouts;
^~
vim +429 net/netfilter/nfnetlink_cttimeout.c
381
382 static int
383 cttimeout_default_fill_info(struct net *net, struct sk_buff *skb, u32
portid,
384 u32 seq, u32 type, int event, u16 l3num,
385 const struct nf_conntrack_l4proto *l4proto)
386 {
387 unsigned int *timeouts;
388 struct nlmsghdr *nlh;
389 struct nfgenmsg *nfmsg;
390 unsigned int flags = portid ? NLM_F_MULTI : 0;
391 struct nlattr *nest_parms;
392 int ret;
393
394 event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
395 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
396 if (nlh == NULL)
397 goto nlmsg_failure;
398
399 nfmsg = nlmsg_data(nlh);
400 nfmsg->nfgen_family = AF_UNSPEC;
401 nfmsg->version = NFNETLINK_V0;
402 nfmsg->res_id = 0;
403
404 if (nla_put_be16(skb, CTA_TIMEOUT_L3PROTO, htons(l3num)) ||
405 nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto))
406 goto nla_put_failure;
407
408 nest_parms = nla_nest_start(skb, CTA_TIMEOUT_DATA |
NLA_F_NESTED);
409 if (!nest_parms)
410 goto nla_put_failure;
411
412 switch (l4proto->l4proto) {
413 case IPPROTO_ICMP:
414 timeouts = _icmp_pernet(net)->timeout;
415 break;
416 case IPPROTO_TCP:
417 timeouts = nf_tcp_pernet(net)->timeouts;
418 break;
419 case IPPROTO_UDP:
420 timeouts = nf_udp_pernet(net)->timeouts;
421 break;
422 case IPPROTO_DCCP:
423 timeouts = nf_dccp_pernet(net)->dccp_timeout;
424 break;
425 case IPPROTO_ICMPV6:
426 timeouts = _icmpv6_pernet(net)->timeout;
427 break;
428 case IPPROTO_SCTP:
> 429 timeouts = nf_sctp_pernet(net)->timeouts;
430 break;
431 case 255:
432 timeouts = _generic_pernet(net)->timeout;
433 break;
434 default:
435 WARN_ON_ONCE(1);
436 goto nla_put_failure;
437 }
438
439 ret = l4proto->ctnl_timeout.obj_to_nlattr(skb, timeouts);
440 if (ret < 0)
441 goto nla_put_failure;
442
443 nla_nest_end(skb, nest_parms);
444
445 nlmsg_end(skb, nlh);
446 return skb->len;
447
448 nlmsg_failure:
449 nla_put_failure:
450 nlmsg_cancel(skb, nlh);
451 return -1;
452 }
453
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf 1/2] netfilter: add nf_{tcp,udp,sctp,icmp,dccp,icmpv6,generic}_pernet()
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-nf_-tcp-udp-sctp-icmp-dccp-icmpv6-generic-_pernet/20181102-101813
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-randconfig-x077-201843 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from net//netfilter/nf_conntrack_core.c:50:0:
include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_dccp_pernet':
>> include/net/netfilter/nf_conntrack_timeout.h:114:30: error: 'struct
>> nf_ip_net' has no member named 'dccp'; did you mean 'tcp'?
return >ct.nf_ct_proto.dccp;
^~~~
tcp
include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_sctp_pernet':
>> include/net/netfilter/nf_conntrack_timeout.h:119:30: error: 'struct
>> nf_ip_net' has no member named 'sctp'; did you mean 'tcp'?
return >ct.nf_ct_proto.sctp;
^~~~
tcp
vim +114 include/net/netfilter/nf_conntrack_timeout.h
111
112 static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)
113 {
> 114 return >ct.nf_ct_proto.dccp;
115 }
116
117 static inline struct nf_sctp_net *nf_sctp_pernet(struct net *net)
118 {
> 119 return >ct.nf_ct_proto.sctp;
120 }
121
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:master 1/7] net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared; did you mean 'IPT_ECN_OP_MATCH_ECE'?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 60dd57bba519ab75277df610d5d245ed3af3c57c
commit: 25038aaf0cbf7639a18f80aeddb325811aff23c3 [1/7] UAPI: netfilter: Fix
symbol collision issues [ver #2]
config: m68k-mvme16x_defconfig (attached as .config)
compiler: m68k-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
git checkout 25038aaf0cbf7639a18f80aeddb325811aff23c3
# save the attached .config to linux build tree
GCC_VERSION=7.2.0 make.cross ARCH=m68k
All errors (new ones prefixed by >>):
net/ipv4/netfilter/ipt_ECN.c: In function 'set_ect_tcp':
>> net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared
>> (first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'?
if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) ||
^~
IPT_ECN_OP_MATCH_ECE
net/ipv4/netfilter/ipt_ECN.c:58:28: note: each undeclared identifier is
reported only once for each function it appears in
>> net/ipv4/netfilter/ipt_ECN.c:60:28: error: 'IPT_ECN_OP_SET_CWR' undeclared
>> (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
(!(einfo->operation & IPT_ECN_OP_SET_CWR) ||
^~
IPT_ECN_OP_SET_ECE
net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg':
>> net/ipv4/netfilter/ipt_ECN.c:84:25: error: 'IPT_ECN_OP_SET_IP' undeclared
>> (first use in this function); did you mean 'IPT_ECN_OP_MATCH_IP'?
if (einfo->operation & IPT_ECN_OP_SET_IP)
^
IPT_ECN_OP_MATCH_IP
>> net/ipv4/netfilter/ipt_ECN.c:88:26: error: 'IPT_ECN_OP_SET_ECE' undeclared
>> (first use in this function); did you mean 'IPT_ECN_OP_SET_IP'?
if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) &&
^~
IPT_ECN_OP_SET_IP
net/ipv4/netfilter/ipt_ECN.c:88:47: error: 'IPT_ECN_OP_SET_CWR' undeclared
(first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) &&
^~
IPT_ECN_OP_SET_ECE
net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg_check':
>> net/ipv4/netfilter/ipt_ECN.c:101:25: error: 'IPT_ECN_OP_MASK' undeclared
>> (first use in this function); did you mean 'IPT_ECN_IP_MASK'?
if (einfo->operation & IPT_ECN_OP_MASK)
^~~
IPT_ECN_IP_MASK
net/ipv4/netfilter/ipt_ECN.c:107:27: error: 'IPT_ECN_OP_SET_ECE' undeclared
(first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'?
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
^~
IPT_ECN_OP_MATCH_ECE
net/ipv4/netfilter/ipt_ECN.c:107:46: error: 'IPT_ECN_OP_SET_CWR' undeclared
(first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'?
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) &&
^~
IPT_ECN_OP_SET_ECE
vim +58 net/ipv4/netfilter/ipt_ECN.c
^1da177e4 Linus Torvalds 2005-04-16 45
e1931b784 Jan Engelhardt 2007-07-07 46 /* Return false if there was an
error. */
e1931b784 Jan Engelhardt 2007-07-07 47 static inline bool
3db05fea5 Herbert Xu 2007-10-15 48 set_ect_tcp(struct sk_buff *skb,
const struct ipt_ECN_info *einfo)
^1da177e4 Linus Torvalds 2005-04-16 49 {
^1da177e4 Linus Torvalds 2005-04-16 50struct tcphdr _tcph, *tcph;
6a19d6147 Al Viro2006-09-28 51__be16 oldval;
^1da177e4 Linus Torvalds 2005-04-16 52
af901ca18 André Goddard Rosa 2009-11-14 53/* Not enough header? */
3db05fea5 Herbert Xu 2007-10-15 54tcph = skb_header_pointer(skb,
ip_hdrlen(skb), sizeof(_tcph), &_tcph);
^1da177e4 Linus Torvalds 2005-04-16 55if (!tcph)
e1931b784 Jan Engelhardt 2007-07-07 56return false;
^1da177e4 Linus Torvalds 2005-04-16 57
fd841326d Patrick McHardy2005-08-20 @58if ((!(einfo->operation &
IPT_ECN_OP_SET_ECE) ||
fd841326d Patrick McHardy2005-08-20 59 tcph->ece ==
einfo->proto.tcp.ece) &&
7c4e36bc1 Jan Engelhardt 2007-07-07 @60(!(einfo->operation &
IPT_ECN_OP_SET_CWR) ||
7c4e36bc1 Jan Engelhardt 2007-07-07 61 tcph->cwr ==
einfo->proto.tcp.cwr))
e1931b784 Jan Engelhardt 2007-07-07 62return true;
^1da177e4 Linus Torvalds 2005-04-16 63
3db05fea5 Herbert Xu
Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
Hi Florian,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-pass-nf_hook_state-to-packet-and-error-handlers/20180914-024412
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-s1-201836 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
>> net//netfilter/nf_conntrack_proto.c:864:3: error:
>> 'nf_conntrack_l4proto_udplite' undeclared here (not in a function)
_conntrack_l4proto_udplite,
^~~~
vim +/nf_conntrack_l4proto_udplite +864 net//netfilter/nf_conntrack_proto.c
853
854 static const struct nf_conntrack_l4proto * const builtin_l4proto[] = {
855 _conntrack_l4proto_tcp,
856 _conntrack_l4proto_udp,
857 _conntrack_l4proto_icmp,
858 #ifdef CONFIG_NF_CT_PROTO_DCCP
859 _conntrack_l4proto_dccp,
860 #endif
861 #ifdef CONFIG_NF_CT_PROTO_SCTP
862 _conntrack_l4proto_sctp,
863 #endif
> 864 _conntrack_l4proto_udplite,
865 #if IS_ENABLED(CONFIG_IPV6)
866 _conntrack_l4proto_icmpv6,
867 #endif /* CONFIG_IPV6 */
868 };
869
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
Hi Florian,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-pass-nf_hook_state-to-packet-and-error-handlers/20180914-024412
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x012-201836 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
>> net//netfilter/nf_conntrack_proto.c:864:3: error:
>> 'nf_conntrack_l4proto_udplite' undeclared here (not in a function); did you
>> mean 'nf_conntrack_l4proto_udp'?
_conntrack_l4proto_udplite,
^~~~
nf_conntrack_l4proto_udp
vim +864 net//netfilter/nf_conntrack_proto.c
853
854 static const struct nf_conntrack_l4proto * const builtin_l4proto[] = {
855 _conntrack_l4proto_tcp,
856 _conntrack_l4proto_udp,
857 _conntrack_l4proto_icmp,
858 #ifdef CONFIG_NF_CT_PROTO_DCCP
859 _conntrack_l4proto_dccp,
860 #endif
861 #ifdef CONFIG_NF_CT_PROTO_SCTP
862 _conntrack_l4proto_sctp,
863 #endif
> 864 _conntrack_l4proto_udplite,
865 #if IS_ENABLED(CONFIG_IPV6)
866 _conntrack_l4proto_icmpv6,
867 #endif /* CONFIG_IPV6 */
868 };
869
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:master 15/20] net/netfilter/nft_tunnel.c:117:25: sparse: incorrect type in assignment (different base types)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 020f6cc5f75511c5974cfd454f224365bc0c2df4
commit: af308b94a2a4a5a27bec9028354c4df444a7c8ba [15/20] netfilter: nf_tables:
add tunnel support
reproduce:
# apt-get install sparse
git checkout af308b94a2a4a5a27bec9028354c4df444a7c8ba
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nft_tunnel.c:117:25: sparse: incorrect type in assignment
>> (different base types) @@expected unsigned int [unsigned] [usertype]
>> flags @@got ed int [unsigned] [usertype] flags @@
net/netfilter/nft_tunnel.c:117:25:expected unsigned int [unsigned]
[usertype] flags
net/netfilter/nft_tunnel.c:117:25:got restricted __be16 [usertype]
net/netfilter/nft_tunnel.c:166:25: sparse: incorrect type in assignment
(different base types) @@expected unsigned int [unsigned] [usertype] flags
@@got ed int [unsigned] [usertype] flags @@
net/netfilter/nft_tunnel.c:166:25:expected unsigned int [unsigned]
[usertype] flags
net/netfilter/nft_tunnel.c:166:25:got restricted __be16 [usertype]
>> net/netfilter/nft_tunnel.c:242:33: sparse: incorrect type in assignment
>> (different base types) @@expected restricted __be16 [addressable]
>> [assigned] [usertype] tp_src @@got e] tp_src @@
net/netfilter/nft_tunnel.c:242:33:expected restricted __be16
[addressable] [assigned] [usertype] tp_src
net/netfilter/nft_tunnel.c:242:33:got int
>> net/netfilter/nft_tunnel.c:246:33: sparse: incorrect type in assignment
>> (different base types) @@expected restricted __be16 [addressable]
>> [assigned] [usertype] tp_dst @@got e] tp_dst @@
net/netfilter/nft_tunnel.c:246:33:expected restricted __be16
[addressable] [assigned] [usertype] tp_dst
net/netfilter/nft_tunnel.c:246:33:got int
>> net/netfilter/nft_tunnel.c:284:43: sparse: incorrect type in argument 4
>> (different base types) @@expected restricted __be16 [usertype] flags @@
>> got unsignrestricted __be16 [usertype] flags @@
net/netfilter/nft_tunnel.c:284:43:expected restricted __be16 [usertype]
flags
net/netfilter/nft_tunnel.c:284:43:got unsigned int [unsigned] [usertype]
flags
>> net/netfilter/nft_tunnel.c:342:27: sparse: restricted __be16 degrades to
>> integer
net/netfilter/nft_tunnel.c:346:34: sparse: restricted __be16 degrades to
integer
>> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16
>> net/netfilter/nft_tunnel.c:370:54: sparse: incorrect type in argument 1
>> (different base types) @@expected unsigned short [unsigned] [usertype]
>> val @@got short [unsigned] [usertype] val @@
net/netfilter/nft_tunnel.c:370:54:expected unsigned short [unsigned]
[usertype] val
net/netfilter/nft_tunnel.c:370:54:got restricted __be16 [usertype] tp_src
>> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16
>> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16
net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16
net/netfilter/nft_tunnel.c:371:54: sparse: incorrect type in argument 1
(different base types) @@expected unsigned short [unsigned] [usertype] val
@@got short [unsigned] [usertype] val @@
net/netfilter/nft_tunnel.c:371:54:expected unsigned short [unsigned]
[usertype] val
net/netfilter/nft_tunnel.c:371:54:got restricted __be16 [usertype] tp_dst
net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16
net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16
vim +117 net/netfilter/nft_tunnel.c
99
100 static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr,
101 struct nft_tunnel_opts *opts)
102 {
103 struct nlattr *tb[NFTA_TUNNEL_KEY_VXLAN_MAX + 1];
104 int err;
105
106 err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_VXLAN_MAX, attr,
107 nft_tunnel_opts_vxlan_policy, NULL);
108 if (err < 0)
109 return err;
110
111 if (!tb[NFTA_TUNNEL_KEY_VXLAN_GBP])
112 return -EINVAL;
113
114 opts->u.vxlan.gbp =
ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_VXLAN_GBP]));
115
116 opts->len = sizeof(struct vxlan_metadata);
> 117 opts->flags = TUNNEL_VXLAN_OPT;
118
119 return 0;
120 }
121
122 static const struct nla_policy
nft_tunnel_opts_erspan_policy[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1] = {
123 [NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX] = { .type = NLA_U32 },
124 [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 },
125 [NFTA_TUNNEL_KEY_ERSPAN_V2_HWID]= { .type = NLA_U8 },
126 };
127
128 static int
Re: [PATCH nf-next v10] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180802-001147
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-ne0-08012247 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy':
>> net/netfilter/nft_ct.c:899:3: error: implicit declaration of function
>> 'nf_ct_untimeout' [-Werror=implicit-function-declaration]
nf_ct_untimeout(ctx->net, priv->timeout);
^~~
cc1: some warnings being treated as errors
vim +/nf_ct_untimeout +899 net/netfilter/nft_ct.c
888
889 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
890 struct nft_object *obj)
891 {
892 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
893
894 nf_ct_tmpl_free(priv->tmpl);
895
896 if (refcount_dec_if_one(>timeout->refcnt)) {
897 nf_ct_l4proto_put(priv->timeout->l4proto);
898 list_del_rcu(>timeout->head);
> 899 nf_ct_untimeout(ctx->net, priv->timeout);
900 }
901 }
902
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next v10] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180802-001147
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 8.1.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=xtensa
All errors (new ones prefixed by >>):
net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy':
>> net//netfilter/nft_ct.c:899:3: error: implicit declaration of function
>> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'?
>> [-Werror=implicit-function-declaration]
nf_ct_untimeout(ctx->net, priv->timeout);
^~~
nf_ct_netns_put
cc1: some warnings being treated as errors
vim +899 net//netfilter/nft_ct.c
888
889 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
890 struct nft_object *obj)
891 {
892 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
893
894 nf_ct_tmpl_free(priv->tmpl);
895
896 if (refcount_dec_if_one(>timeout->refcnt)) {
897 nf_ct_l4proto_put(priv->timeout->l4proto);
898 list_del_rcu(>timeout->head);
> 899 nf_ct_untimeout(ctx->net, priv->timeout);
900 }
901 }
902
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:master 5/7] ./usr/include/linux/netfilter/nf_osf.h:73: userspace cannot reference function or variable defined in the kernel
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 4ed8eb6570a49931c705512060acd50058d61616 commit: f9324952088f1cd62ea4addf9ff532f1e6452a22 [5/7] netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c config: i386-randconfig-a1-07310851 (attached as .config) compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4 reproduce: git checkout f9324952088f1cd62ea4addf9ff532f1e6452a22 # save the attached .config to linux build tree make ARCH=i386 All warnings (new ones prefixed by >>): >> ./usr/include/linux/netfilter/nf_osf.h:73: userspace cannot reference >> function or variable defined in the kernel --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v9] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180724-145908
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: openrisc-allmodconfig (attached as .config)
compiler: or1k-linux-gcc (GCC) 6.0.0 20160327 (experimental)
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=openrisc
All errors (new ones prefixed by >>):
net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy':
>> net//netfilter/nft_ct.c:897:3: error: implicit declaration of function
>> 'nf_ct_untimeout' [-Werror=implicit-function-declaration]
nf_ct_untimeout(ctx->net, priv->timeout);
^~~
cc1: some warnings being treated as errors
vim +/nf_ct_untimeout +897 net//netfilter/nft_ct.c
886
887 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
888 struct nft_object *obj)
889 {
890 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
891
892 nf_ct_tmpl_free(priv->tmpl);
893
894 if (refcount_dec_if_one(>timeout->refcnt)) {
895 nf_ct_l4proto_put(priv->timeout->l4proto);
896 list_del_rcu(>timeout->head);
> 897 nf_ct_untimeout(ctx->net, priv->timeout);
898 }
899 }
900
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next v9] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180724-145908
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x077-201829 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy':
>> net//netfilter/nft_ct.c:897:3: error: implicit declaration of function
>> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'?
>> [-Werror=implicit-function-declaration]
nf_ct_untimeout(ctx->net, priv->timeout);
^~~
nf_ct_netns_put
cc1: some warnings being treated as errors
vim +897 net//netfilter/nft_ct.c
886
887 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
888 struct nft_object *obj)
889 {
890 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
891
892 nf_ct_tmpl_free(priv->tmpl);
893
894 if (refcount_dec_if_one(>timeout->refcnt)) {
895 nf_ct_l4proto_put(priv->timeout->l4proto);
896 list_del_rcu(>timeout->head);
> 897 nf_ct_untimeout(ctx->net, priv->timeout);
898 }
899 }
900
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next] netfilter: cttimeout: move ctnl_untimeout to nf_conntrack
Hi Harsha,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-cttimeout-move-ctnl_untimeout-to-nf_conntrack/20180714-095352
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nf_conntrack_timeout.c:38:62: sparse: incompatible types in
>> comparison expression (different base types)
vim +38 net/netfilter/nf_conntrack_timeout.c
33
34 static int untimeout(struct nf_conn *ct, void *timeout)
35 {
36 struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct);
37
> 38 if (timeout_ext && (!timeout || timeout_ext->timeout ==
timeout))
39 RCU_INIT_POINTER(timeout_ext->timeout, NULL);
40
41 /* We are not intended to delete this conntrack. */
42 return 0;
43 }
44
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next v7] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180714-095128
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-allmodconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
>> net/netfilter/nft_ct.c:1106:11: error: 'nft_ct_timeout_obj_eval' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'?
.eval = nft_ct_timeout_obj_eval,
^~~
nft_ct_timeout_obj_ops
>> net/netfilter/nft_ct.c:1107:11: error: 'nft_ct_timeout_obj_init' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'?
.init = nft_ct_timeout_obj_init,
^~~
nft_ct_timeout_obj_eval
>> net/netfilter/nft_ct.c:1108:13: error: 'nft_ct_timeout_obj_destroy'
>> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.destroy = nft_ct_timeout_obj_destroy,
^~
nft_ct_timeout_obj_init
>> net/netfilter/nft_ct.c:1109:11: error: 'nft_ct_timeout_obj_dump' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.dump = nft_ct_timeout_obj_dump,
^~~
nft_ct_timeout_obj_init
vim +1106 net/netfilter/nft_ct.c
1101
1102 static struct nft_object_type nft_ct_timeout_obj_type;
1103 static const struct nft_object_ops nft_ct_timeout_obj_ops = {
1104 .type = _ct_timeout_obj_type,
1105 .size = sizeof(struct nft_ct_timeout_obj),
> 1106 .eval = nft_ct_timeout_obj_eval,
> 1107 .init = nft_ct_timeout_obj_init,
> 1108 .destroy= nft_ct_timeout_obj_destroy,
> 1109 .dump = nft_ct_timeout_obj_dump,
1110 };
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next] netfilter: cttimeout: move ctnl_untimeout to nf_conntrack
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-cttimeout-move-ctnl_untimeout-to-nf_conntrack/20180714-095352
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x015-201827 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net//netfilter/nfnetlink_cttimeout.c: In function 'ctnl_timeout_try_del':
>> net//netfilter/nfnetlink_cttimeout.c:312:3: error: implicit declaration of
>> function 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'?
>> [-Werror=implicit-function-declaration]
nf_ct_untimeout(net, timeout);
^~~
nf_ct_netns_put
cc1: some warnings being treated as errors
vim +312 net//netfilter/nfnetlink_cttimeout.c
299
300 /* try to delete object, fail if it is still in use. */
301 static int ctnl_timeout_try_del(struct net *net, struct ctnl_timeout
*timeout)
302 {
303 int ret = 0;
304
305 /* We want to avoid races with ctnl_timeout_put. So only when
the
306 * current refcnt is 1, we decrease it to 0.
307 */
308 if (refcount_dec_if_one(>refcnt)) {
309 /* We are protected by nfnl mutex. */
310 list_del_rcu(>head);
311 nf_ct_l4proto_put(timeout->l4proto);
> 312 nf_ct_untimeout(net, timeout);
313 kfree_rcu(timeout, rcu_head);
314 } else {
315 ret = -EBUSY;
316 }
317 return ret;
318 }
319
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next v7] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180714-095128
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x015-201827 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy':
>> net/netfilter/nft_ct.c:901:3: error: implicit declaration of function
>> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'?
>> [-Werror=implicit-function-declaration]
nf_ct_untimeout(ctx->net, priv->timeout);
^~~
nf_ct_netns_put
cc1: some warnings being treated as errors
vim +901 net/netfilter/nft_ct.c
890
891 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx,
892 struct nft_object *obj)
893 {
894 struct nft_ct_timeout_obj *priv = nft_obj_data(obj);
895
896 nf_ct_tmpl_free(priv->tmpl);
897
898 if (refcount_dec_if_one(>timeout->refcnt)) {
899 nf_ct_l4proto_put(priv->timeout->l4proto);
900 list_del_rcu(>timeout->head);
> 901 nf_ct_untimeout(ctx->net, priv->timeout);
902 }
903 }
904
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 3/3] netfilter: nf_osf: add nf_osf_find()
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_osf-add-nf_osf_match_one/20180714-051307
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nf_osf.c:267:24: sparse: Using plain integer as NULL pointer
vim +267 net/netfilter/nf_osf.c
251
252 const char *nf_osf_find(const struct sk_buff *skb,
253 const struct list_head *nf_osf_fingers)
254 {
255 const struct iphdr *ip = ip_hdr(skb);
256 const struct nf_osf_user_finger *f;
257 unsigned char opts[MAX_IPOPTLEN];
258 const struct nf_osf_finger *kf;
259 struct nf_osf_hdr_ctx ctx;
260 const struct tcphdr *tcp;
261 const char *genre = NULL;
262
263 memset(, 0, sizeof(ctx));
264
265 tcp = nf_osf_hdr_ctx_init(, skb, ip, opts);
266 if (!tcp)
> 267 return false;
268
269 list_for_each_entry_rcu(kf, _osf_fingers[ctx.df],
finger_entry) {
270 f = >finger;
271 if (!nf_osf_match_one(skb, f, -1, ))
272 continue;
273
274 genre = f->genre;
275 break;
276 }
277
278 return genre;
279 }
280 EXPORT_SYMBOL_GPL(nf_osf_find);
281
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/2 WIP nf-next] netfilter: implement Passive OS fingerprint module in nft_osf
Hi Fernando,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-implement-Passive-OS-fingerprint-module-in-nft_osf/20180712-203655
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: ia64-allmodconfig (attached as .config)
compiler: ia64-linux-gcc (GCC) 8.1.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=ia64
Note: the
linux-review/Fernando-Fernandez-Mancera/netfilter-implement-Passive-OS-fingerprint-module-in-nft_osf/20180712-203655
HEAD da6169296e9d1fd467a0717ebcdd42305488927d builds fine.
It only hurts bisectibility.
All errors (new ones prefixed by >>):
In file included from include/linux/netfilter/nf_osf.h:1,
from net/netfilter/nft_osf.c:2:
>> include/uapi/linux/netfilter/nf_osf.h:66:24: error: 'MAX_IPOPTLEN'
>> undeclared here (not in a function); did you mean 'MAY_OPEN'?
struct nf_osf_opt opt[MAX_IPOPTLEN];
^~~~
MAY_OPEN
>> include/uapi/linux/netfilter/nf_osf.h:71:17: error: field 'ip' has
>> incomplete type
struct iphdr ip;
^~
>> include/uapi/linux/netfilter/nf_osf.h:72:18: error: field 'tcp' has
>> incomplete type
struct tcphdr tcp;
^~~
>> net/netfilter/nft_osf.c:20:47: error: 'NFTA_OSF_MAX' undeclared here (not in
>> a function); did you mean 'NFTA_OBJ_MAX'?
static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = {
^~~~
NFTA_OBJ_MAX
>> net/netfilter/nft_osf.c:21:3: error: 'NFTA_OSF_GENRE' undeclared here (not
>> in a function); did you mean 'NF_OSF_GENRE'?
[NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE },
^~
NF_OSF_GENRE
>> net/netfilter/nft_osf.c:21:3: error: array index in initializer not of
>> integer type
net/netfilter/nft_osf.c:21:3: note: (near initialization for
'nft_osf_policy')
>> net/netfilter/nft_osf.c:21:23: error: field name not in record or union
>> initializer
[NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE },
^
net/netfilter/nft_osf.c:21:23: note: (near initialization for
'nft_osf_policy')
net/netfilter/nft_osf.c:21:43: error: field name not in record or union
initializer
[NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE },
^
net/netfilter/nft_osf.c:21:43: note: (near initialization for
'nft_osf_policy')
>> net/netfilter/nft_osf.c:22:3: error: 'NFTA_OSF_FLAGS' undeclared here (not
>> in a function); did you mean 'NFTA_FIB_FLAGS'?
[NFTA_OSF_FLAGS] = { .type = NLA_U32 },
^~
NFTA_FIB_FLAGS
net/netfilter/nft_osf.c:22:3: error: array index in initializer not of
integer type
net/netfilter/nft_osf.c:22:3: note: (near initialization for
'nft_osf_policy')
net/netfilter/nft_osf.c:22:23: error: field name not in record or union
initializer
[NFTA_OSF_FLAGS] = { .type = NLA_U32 },
^
net/netfilter/nft_osf.c:22:23: note: (near initialization for
'nft_osf_policy')
>> net/netfilter/nft_osf.c:23:3: error: 'NFTA_OSF_LOGLEVEL' undeclared here
>> (not in a function); did you mean 'NFTA_LOG_LEVEL'?
[NFTA_OSF_LOGLEVEL] = { .type = NLA_U32 },
^
NFTA_LOG_LEVEL
net/netfilter/nft_osf.c:23:3: error: array index in initializer not of
integer type
net/netfilter/nft_osf.c:23:3: note: (near initialization for
'nft_osf_policy')
net/netfilter/nft_osf.c:23:26: error: field name not in record or union
initializer
[NFTA_OSF_LOGLEVEL] = { .type = NLA_U32 },
^
net/netfilter/nft_osf.c:23:26: note: (near initialization for
'nft_osf_policy')
>> net/netfilter/nft_osf.c:24:3: error: 'NFTA_OSF_TTL' undeclared here (not in
>> a function); did you mean 'NF_OSF_TTL'?
[NFTA_OSF_TTL] = { .type = NLA_U32 },
^~~~
NF_OSF_TTL
net/netfilter/nft_osf.c:24:3: error: array index in initializer not of
integer type
net/netfilter/nft_osf.c:24:3: note: (near initialization for
'nft_osf_policy')
net/netfilter/nft_osf.c:24:22: error: field name not in record or union
initializer
[NFTA_OSF_TTL] = { .type = NLA_U32 },
^
net/netfilter/nft_osf.c:24:22: note: (near initialization for
'nft_osf_policy')
net/netfilter/nft_osf.c:20:32: warning: 'nft_osf_policy' defined but not
used [-Wunused-variable]
static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = {
Re: [PATCH nf-next v6] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180706-074958
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-fedora-25 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
>> net/netfilter/nft_ct.c:1114:11: error: 'nft_ct_timeout_obj_eval' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'?
.eval = nft_ct_timeout_obj_eval,
^~~
nft_ct_timeout_obj_ops
>> net/netfilter/nft_ct.c:1115:11: error: 'nft_ct_timeout_obj_init' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'?
.init = nft_ct_timeout_obj_init,
^~~
nft_ct_timeout_obj_eval
>> net/netfilter/nft_ct.c:1116:13: error: 'nft_ct_timeout_obj_destroy'
>> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.destroy = nft_ct_timeout_obj_destroy,
^~
nft_ct_timeout_obj_init
>> net/netfilter/nft_ct.c:1117:11: error: 'nft_ct_timeout_obj_dump' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.dump = nft_ct_timeout_obj_dump,
^~~
nft_ct_timeout_obj_init
vim +1114 net/netfilter/nft_ct.c
1109
1110 static struct nft_object_type nft_ct_timeout_obj_type;
static const struct nft_object_ops nft_ct_timeout_obj_ops = {
1112 .type = _ct_timeout_obj_type,
1113 .size = sizeof(struct nft_ct_timeout_obj),
> 1114 .eval = nft_ct_timeout_obj_eval,
> 1115 .init = nft_ct_timeout_obj_init,
> 1116 .destroy= nft_ct_timeout_obj_destroy,
> 1117 .dump = nft_ct_timeout_obj_dump,
1118 };
1119
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next v5] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180706-001529
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x013-201826 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
>> net/netfilter/nft_ct.c:1115:11: error: 'nft_ct_timeout_obj_eval' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'?
.eval = nft_ct_timeout_obj_eval,
^~~
nft_ct_timeout_obj_ops
>> net/netfilter/nft_ct.c:1116:11: error: 'nft_ct_timeout_obj_init' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'?
.init = nft_ct_timeout_obj_init,
^~~
nft_ct_timeout_obj_eval
>> net/netfilter/nft_ct.c:1117:13: error: 'nft_ct_timeout_obj_destroy'
>> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.destroy = nft_ct_timeout_obj_destroy,
^~
nft_ct_timeout_obj_init
>> net/netfilter/nft_ct.c:1118:11: error: 'nft_ct_timeout_obj_dump' undeclared
>> here (not in a function); did you mean 'nft_ct_timeout_obj_init'?
.dump = nft_ct_timeout_obj_dump,
^~~
nft_ct_timeout_obj_init
vim +1115 net/netfilter/nft_ct.c
1110
static struct nft_object_type nft_ct_timeout_obj_type;
1112 static const struct nft_object_ops nft_ct_timeout_obj_ops = {
1113 .type = _ct_timeout_obj_type,
1114 .size = sizeof(struct nft_ct_timeout_obj),
> 1115 .eval = nft_ct_timeout_obj_eval,
> 1116 .init = nft_ct_timeout_obj_init,
> 1117 .destroy= nft_ct_timeout_obj_destroy,
> 1118 .dump = nft_ct_timeout_obj_dump,
1119 };
1120
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 6/8] netfilter: conntrack: avoid l4proto pkt_to_tuple calls
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-remove-ctnetlink-callbacks-from-l3-protocol-trackers/20180629-053035
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nf_conntrack_core.c:281:34: sparse: cast to restricted __be16
>> net/netfilter/nf_conntrack_core.c:281:34: sparse: cast from restricted __be32
>> net/netfilter/nf_conntrack_core.c:282:42: sparse: restricted __be32 degrades
>> to integer
net/netfilter/nf_conntrack_core.c:282:34: sparse: cast to restricted __be16
net/netfilter/nf_conntrack_core.c:1998:9: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_core.c:2328:9: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_core.c:117:13: sparse: context imbalance in
'nf_conntrack_double_unlock' - unexpected unlock
net/netfilter/nf_conntrack_core.c:127:13: sparse: context imbalance in
'nf_conntrack_double_lock' - wrong count at exit
net/netfilter/nf_conntrack_core.c:157:9: sparse: context imbalance in
'nf_conntrack_all_lock' - wrong count at exit
net/netfilter/nf_conntrack_core.c:168:13: sparse: context imbalance in
'nf_conntrack_all_unlock' - unexpected unlock
net/netfilter/nf_conntrack_core.c:1825:28: sparse: context imbalance in
'get_next_corpse' - unexpected unlock
vim +281 net/netfilter/nf_conntrack_core.c
224
225 static bool
226 nf_ct_get_tuple(const struct sk_buff *skb,
227 unsigned int nhoff,
228 unsigned int dataoff,
229 u_int16_t l3num,
230 u_int8_t protonum,
231 struct net *net,
232 struct nf_conntrack_tuple *tuple,
233 const struct nf_conntrack_l4proto *l4proto)
234 {
235 unsigned int size;
236 const __be32 *ap;
237 __be32 _addrs[8];
238
239 memset(tuple, 0, sizeof(*tuple));
240
241 tuple->src.l3num = l3num;
242 switch (l3num) {
243 case NFPROTO_IPV4:
244 nhoff += offsetof(struct iphdr, saddr);
245 size = 2 * sizeof(__be32);
246 break;
247 case NFPROTO_IPV6:
248 nhoff += offsetof(struct ipv6hdr, saddr);
249 size = sizeof(_addrs);
250 break;
251 default:
252 return true;
253 }
254
255 ap = skb_header_pointer(skb, nhoff, size, _addrs);
256 if (!ap)
257 return false;
258
259 switch (l3num) {
260 case NFPROTO_IPV4:
261 tuple->src.u3.ip = ap[0];
262 tuple->dst.u3.ip = ap[1];
263 break;
264 case NFPROTO_IPV6:
265 memcpy(tuple->src.u3.ip6, ap,
sizeof(tuple->src.u3.ip6));
266 memcpy(tuple->dst.u3.ip6, ap + 4,
sizeof(tuple->dst.u3.ip6));
267 break;
268 }
269
270 tuple->dst.protonum = protonum;
271 tuple->dst.dir = IP_CT_DIR_ORIGINAL;
272
273 if (unlikely(l4proto->pkt_to_tuple))
274 return l4proto->pkt_to_tuple(skb, dataoff, net, tuple);
275
276 /* Actually only need first 4 bytes to get ports. */
277 ap = skb_header_pointer(skb, dataoff, sizeof(*ap), &_addrs);
278 if (ap == NULL)
279 return false;
280
> 281 tuple->src.u.udp.port = (__be16)*ap;
> 282 tuple->dst.u.udp.port = (__be16)(*ap >> 16);
283 return true;
284 }
285
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 8/8] netfilter: conntrack: remove l3proto abstraction
Hi Florian,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-remove-ctnetlink-callbacks-from-l3-protocol-trackers/20180629-053035
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-x070-201825 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All error/warnings (new ones prefixed by >>):
net/netfilter/nf_conntrack_proto.c: In function 'nf_ct_netns_do_put':
>> net/netfilter/nf_conntrack_proto.c:836:33: error: 'ipv6_conntrack_ops'
>> undeclared (first use in this function); did you mean 'ipv4_conntrack_ops'?
nf_unregister_net_hooks(net, ipv6_conntrack_ops,
^~
ipv4_conntrack_ops
net/netfilter/nf_conntrack_proto.c:836:33: note: each undeclared identifier
is reported only once for each function it appears in
In file included from include/linux/kernel.h:15:0,
from include/linux/skbuff.h:17,
from include/linux/netfilter.h:6,
from net/netfilter/nf_conntrack_proto.c:4:
>> include/linux/build_bug.h:29:45: error: bit-field '' width not an
>> integer constant
#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
^
include/linux/compiler-gcc.h:65:28: note: in expansion of macro
'BUILD_BUG_ON_ZERO'
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
^
include/linux/kernel.h:72:59: note: in expansion of macro '__must_be_array'
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) +
__must_be_array(arr))
^~~
>> net/netfilter/nf_conntrack_proto.c:837:7: note: in expansion of macro
>> 'ARRAY_SIZE'
ARRAY_SIZE(ipv6_conntrack_ops));
^~
--
net//netfilter/nf_conntrack_proto.c: In function 'nf_ct_netns_do_put':
net//netfilter/nf_conntrack_proto.c:836:33: error: 'ipv6_conntrack_ops'
undeclared (first use in this function); did you mean 'ipv4_conntrack_ops'?
nf_unregister_net_hooks(net, ipv6_conntrack_ops,
^~
ipv4_conntrack_ops
net//netfilter/nf_conntrack_proto.c:836:33: note: each undeclared identifier
is reported only once for each function it appears in
In file included from include/linux/kernel.h:15:0,
from include/linux/skbuff.h:17,
from include/linux/netfilter.h:6,
from net//netfilter/nf_conntrack_proto.c:4:
>> include/linux/build_bug.h:29:45: error: bit-field '' width not an
>> integer constant
#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); }))
^
include/linux/compiler-gcc.h:65:28: note: in expansion of macro
'BUILD_BUG_ON_ZERO'
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
^
include/linux/kernel.h:72:59: note: in expansion of macro '__must_be_array'
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) +
__must_be_array(arr))
^~~
net//netfilter/nf_conntrack_proto.c:837:7: note: in expansion of macro
'ARRAY_SIZE'
ARRAY_SIZE(ipv6_conntrack_ops));
^~
vim +836 net/netfilter/nf_conntrack_proto.c
822
823 static void nf_ct_netns_do_put(struct net *net, u8 nfproto)
824 {
825 struct nf_conntrack_net *cnet = net_generic(net,
nf_conntrack_net_id);
826
827 mutex_lock(_ct_proto_mutex);
828 switch (nfproto) {
829 case NFPROTO_IPV4:
830 if (cnet->users4 && (--cnet->users4 == 0))
831 nf_unregister_net_hooks(net, ipv4_conntrack_ops,
832
ARRAY_SIZE(ipv4_conntrack_ops));
833 break;
834 case NFPROTO_IPV6:
835 if (cnet->users6 && (--cnet->users6 == 0))
> 836 nf_unregister_net_hooks(net, ipv6_conntrack_ops,
> 837
> ARRAY_SIZE(ipv6_conntrack_ops));
838 break;
839 }
840
841 mutex_unlock(_ct_proto_mutex);
842 }
843
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting
Hi John,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.18-rc2 next-20180625]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/John-Crispin/netfilter-nf_flow_table-add-conntrack-accounting/20180626-124429
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All warnings (new ones prefixed by >>):
In file included from include/linux/linkage.h:7:0,
from include/linux/kernel.h:7,
from net/netfilter/nf_flow_table_core.c:1:
net/netfilter/nf_flow_table_core.c:170:19: error: 'nf_flow_table_acct'
undeclared here (not in a function); did you mean 'nf_flow_table_init'?
EXPORT_SYMBOL_GPL(nf_flow_table_acct);
^
include/linux/export.h:59:16: note: in definition of macro '___EXPORT_SYMBOL'
extern typeof(sym) sym; \
^~~
>> net/netfilter/nf_flow_table_core.c:170:1: note: in expansion of macro
>> 'EXPORT_SYMBOL_GPL'
EXPORT_SYMBOL_GPL(nf_flow_table_acct);
^
vim +/EXPORT_SYMBOL_GPL +170 net/netfilter/nf_flow_table_core.c
> 1 #include
2 #include
3 #include
4 #include
5 #include
6 #include
7 #include
8 #include
9 #include
10 #include
11 #include
12 #include
13 #include
14 #include
15
16 struct flow_offload_entry {
17 struct flow_offload flow;
18 struct nf_conn *ct;
19 struct rcu_head rcu_head;
20 };
21
22 static DEFINE_MUTEX(flowtable_lock);
23 static LIST_HEAD(flowtables);
24
25 static void
26 flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct,
27struct nf_flow_route *route,
28enum flow_offload_tuple_dir dir)
29 {
30 struct flow_offload_tuple *ft = >tuplehash[dir].tuple;
31 struct nf_conntrack_tuple *ctt = >tuplehash[dir].tuple;
32 struct dst_entry *dst = route->tuple[dir].dst;
33
34 ft->dir = dir;
35
36 switch (ctt->src.l3num) {
37 case NFPROTO_IPV4:
38 ft->src_v4 = ctt->src.u3.in;
39 ft->dst_v4 = ctt->dst.u3.in;
40 ft->mtu = ip_dst_mtu_maybe_forward(dst, true);
41 break;
42 case NFPROTO_IPV6:
43 ft->src_v6 = ctt->src.u3.in6;
44 ft->dst_v6 = ctt->dst.u3.in6;
45 ft->mtu = ip6_dst_mtu_forward(dst);
46 break;
47 }
48
49 ft->l3proto = ctt->src.l3num;
50 ft->l4proto = ctt->dst.protonum;
51 ft->src_port = ctt->src.u.tcp.port;
52 ft->dst_port = ctt->dst.u.tcp.port;
53
54 ft->iifidx = route->tuple[dir].ifindex;
55 ft->oifidx = route->tuple[!dir].ifindex;
56 ft->dst_cache = dst;
57 }
58
59 struct flow_offload *
60 flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route)
61 {
62 struct flow_offload_entry *entry;
63 struct flow_offload *flow;
64
65 if (unlikely(nf_ct_is_dying(ct) ||
66 !atomic_inc_not_zero(>ct_general.use)))
67 return NULL;
68
69 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
70 if (!entry)
71 goto err_ct_refcnt;
72
73 flow = >flow;
74
75 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst))
76 goto err_dst_cache_original;
77
78 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst))
79 goto err_dst_cache_reply;
80
81 entry->ct = ct;
82
83 flow_offload_fill_dir(flow, ct, route,
FLOW_OFFLOAD_DIR_ORIGINAL);
84 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY);
85
86 if (ct->status & IPS_SRC_NAT)
87 flow->flags |= FLOW_OFFLOAD_SNAT;
88 if (ct->status & IPS_DST_NAT)
89 flow->flags |= FLOW_OFFLOAD_DNAT;
90
91 return flow;
92
93 err_dst_cache_reply:
94 dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst);
95 err_dst_cache_original:
96 kfree(entry);
97 err_ct_refcnt:
98 nf_ct_put(ct);
99
100 return NULL;
101 }
102
Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting
Hi John,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.18-rc2 next-20180625]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/John-Crispin/netfilter-nf_flow_table-add-conntrack-accounting/20180626-124429
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 8.1.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=xtensa
All errors (new ones prefixed by >>):
In file included from include/linux/linkage.h:7,
from include/linux/kernel.h:7,
from net/netfilter/nf_flow_table_core.c:1:
>> net/netfilter/nf_flow_table_core.c:170:19: error: 'nf_flow_table_acct'
>> undeclared here (not in a function); did you mean 'nf_flow_table_init'?
EXPORT_SYMBOL_GPL(nf_flow_table_acct);
^~
include/linux/export.h:59:16: note: in definition of macro '___EXPORT_SYMBOL'
extern typeof(sym) sym; \
^~~
net/netfilter/nf_flow_table_core.c:170:1: note: in expansion of macro
'EXPORT_SYMBOL_GPL'
EXPORT_SYMBOL_GPL(nf_flow_table_acct);
^
vim +170 net/netfilter/nf_flow_table_core.c
> 1 #include
2 #include
3 #include
4 #include
5 #include
6 #include
7 #include
8 #include
9 #include
10 #include
11 #include
12 #include
13 #include
14 #include
15
16 struct flow_offload_entry {
17 struct flow_offload flow;
18 struct nf_conn *ct;
19 struct rcu_head rcu_head;
20 };
21
22 static DEFINE_MUTEX(flowtable_lock);
23 static LIST_HEAD(flowtables);
24
25 static void
26 flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct,
27struct nf_flow_route *route,
28enum flow_offload_tuple_dir dir)
29 {
30 struct flow_offload_tuple *ft = >tuplehash[dir].tuple;
31 struct nf_conntrack_tuple *ctt = >tuplehash[dir].tuple;
32 struct dst_entry *dst = route->tuple[dir].dst;
33
34 ft->dir = dir;
35
36 switch (ctt->src.l3num) {
37 case NFPROTO_IPV4:
38 ft->src_v4 = ctt->src.u3.in;
39 ft->dst_v4 = ctt->dst.u3.in;
40 ft->mtu = ip_dst_mtu_maybe_forward(dst, true);
41 break;
42 case NFPROTO_IPV6:
43 ft->src_v6 = ctt->src.u3.in6;
44 ft->dst_v6 = ctt->dst.u3.in6;
45 ft->mtu = ip6_dst_mtu_forward(dst);
46 break;
47 }
48
49 ft->l3proto = ctt->src.l3num;
50 ft->l4proto = ctt->dst.protonum;
51 ft->src_port = ctt->src.u.tcp.port;
52 ft->dst_port = ctt->dst.u.tcp.port;
53
54 ft->iifidx = route->tuple[dir].ifindex;
55 ft->oifidx = route->tuple[!dir].ifindex;
56 ft->dst_cache = dst;
57 }
58
59 struct flow_offload *
60 flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route)
61 {
62 struct flow_offload_entry *entry;
63 struct flow_offload *flow;
64
65 if (unlikely(nf_ct_is_dying(ct) ||
66 !atomic_inc_not_zero(>ct_general.use)))
67 return NULL;
68
69 entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
70 if (!entry)
71 goto err_ct_refcnt;
72
73 flow = >flow;
74
75 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst))
76 goto err_dst_cache_original;
77
78 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst))
79 goto err_dst_cache_reply;
80
81 entry->ct = ct;
82
83 flow_offload_fill_dir(flow, ct, route,
FLOW_OFFLOAD_DIR_ORIGINAL);
84 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY);
85
86 if (ct->status & IPS_SRC_NAT)
87 flow->flags |= FLOW_OFFLOAD_SNAT;
88 if (ct->status & IPS_DST_NAT)
89 flow->flags |= FLOW_OFFLOAD_DNAT;
90
91 return flow;
92
93 err_dst_cache_reply:
94 dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst);
95 err_dst_cache_original:
96
Re: [PATCH nf-next] netfilter: Add native tproxy support for nf_tables
Hi MĂ¡tĂ©,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-Add-native-tproxy-support-for-nf_tables/20180620-222749
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: ia64-allmodconfig (attached as .config)
compiler: ia64-linux-gcc (GCC) 8.1.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=8.1.0 make.cross ARCH=ia64
All errors (new ones prefixed by >>):
net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v4':
>> net/netfilter/nft_tproxy.c:65:3: error: implicit declaration of function
>> 'nf_tproxy_assign_sock'; did you mean 'nf_tproxy_get_sock_v6'?
>> [-Werror=implicit-function-declaration]
nf_tproxy_assign_sock(skb, sk);
^
nf_tproxy_get_sock_v6
cc1: some warnings being treated as errors
vim +65 net/netfilter/nft_tproxy.c
16
17 static void nft_tproxy_eval_v4(const struct nft_expr *expr,
18 struct nft_regs *regs,
19 const struct nft_pktinfo *pkt)
20 {
21 const struct nft_tproxy *priv = nft_expr_priv(expr);
22 struct sk_buff *skb = pkt->skb;
23 struct sock *sk = skb->sk;
24 const struct iphdr *iph = ip_hdr(skb);
25 struct udphdr _hdr, *hp;
26 __be32 taddr = 0;
27 __be16 tport = 0;
28
29 hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr),
&_hdr);
30 if (!hp)
31 regs->verdict.code = NFT_BREAK;
32
33 /* check if there's an ongoing connection on the packet
34 * addresses, this happens if the redirect already happened
35 * and the current packet belongs to an already established
36 * connection */
37 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
38 iph->saddr, iph->daddr,
39 hp->source, hp->dest,
40 skb->dev,
NF_TPROXY_LOOKUP_ESTABLISHED);
41
42 if (priv->sreg_addr)
43 taddr = regs->data[priv->sreg_addr];
44 taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr);
45
46 if (priv->sreg_port) {
47 tport = regs->data[priv->sreg_port];
48 }
49 if (!tport)
50 tport = hp->dest;
51
52 /* UDP has no TCP_TIME_WAIT state, so we never enter here */
53 if (sk && sk->sk_state == TCP_TIME_WAIT)
54 /* reopening a TIME_WAIT connection needs special
handling */
55 sk = nf_tproxy_handle_time_wait4(nft_net(pkt), skb,
taddr, tport, sk);
56 else if (!sk)
57 /* no, there's no established connection, check if
58 * there's a listener on the redirected addr/port */
59 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp,
iph->protocol,
60 iph->saddr, taddr,
61 hp->source, tport,
62 skb->dev,
NF_TPROXY_LOOKUP_LISTENER);
63
64 if (sk && nf_tproxy_sk_is_transparent(sk)) {
> 65 nf_tproxy_assign_sock(skb, sk);
66 }
67 }
68
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180612-061838
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-s0-06120905 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All warnings (new ones prefixed by >>):
In file included from include/linux/kernel.h:10:0,
from net//netfilter/nft_ct.c:12:
net//netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy':
net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^
include/linux/compiler.h:58:30: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if'
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^~
net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^
include/linux/compiler.h:58:42: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if'
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^~
net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^
include/linux/compiler.h:69:16: note: in definition of macro '__trace_if'
__r = !!(cond); \
^~~~
>> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if'
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^~
net//netfilter/nft_ct.c:786:22: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb),
^~
net//netfilter/nft_ct.c:792:36: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max,
^~
net//netfilter/nft_ct.c:793:24: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
attr, l4proto->ctnl_timeout.nla_policy,
^~
net//netfilter/nft_ct.c:798:15: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts);
^~
net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init':
net//netfilter/nft_ct.c:850:26: error: 'struct net' has no member named
'nfct_timeout_list'
INIT_LIST_HEAD(>net->nfct_timeout_list);
^~
In file included from net//netfilter/nft_ct.c:12:0:
net//netfilter/nft_ct.c:851:40: error: 'struct net' has no member named
'nfct_timeout_list'
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/kernel.h:961:26: note: in definition of macro 'container_of'
void *__mptr = (void *)(ptr); \
^~~
include/linux/list.h:377:2: note: in expansion of macro 'list_entry'
list_entry((ptr)->next, type, member)
^~
include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry'
for (pos = list_first_entry(head, typeof(*pos), member); \
^~~~
net//netfilter/nft_ct.c:851:2: note: in expansion of macro
'list_for_each_entry'
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^~~
In file included from include/linux/kernel.h:10:0,
from net//netfilter/nft_ct.c:12:
net//netfilter/nft_ct.c:851:40: error: 'struct net' has no member named
'nfct_timeout_list'
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/compiler.h:316:19: note: in definition of macro
'__compiletime_assert'
bool __cond = !(condition);\
^
include/linux/compiler.h:339:2: note: in expansion of macro
'_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~
Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180612-061838
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: m68k-sun3_defconfig (attached as .config)
compiler: m68k-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.2.0 make.cross ARCH=m68k
All errors (new ones prefixed by >>):
net/netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy':
net/netfilter/nft_ct.c:783:16: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
if (!l4proto->ctnl_timeout.nlattr_to_obj)
^~~~
get_timeouts
net/netfilter/nft_ct.c:786:24: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb),
^~~~
get_timeouts
net/netfilter/nft_ct.c:792:38: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max,
^~~~
get_timeouts
net/netfilter/nft_ct.c:793:26: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
attr, l4proto->ctnl_timeout.nla_policy,
^~~~
get_timeouts
net/netfilter/nft_ct.c:798:17: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts);
^~~~
get_timeouts
net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init':
>> net/netfilter/nft_ct.c:850:28: error: 'struct net' has no member named
>> 'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
INIT_LIST_HEAD(>net->nfct_timeout_list);
^
nfnl_acct_list
In file included from net/netfilter/nft_ct.c:12:0:
net/netfilter/nft_ct.c:851:42: error: 'struct net' has no member named
'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/kernel.h:961:26: note: in definition of macro 'container_of'
void *__mptr = (void *)(ptr); \
^~~
include/linux/list.h:377:2: note: in expansion of macro 'list_entry'
list_entry((ptr)->next, type, member)
^~
include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry'
for (pos = list_first_entry(head, typeof(*pos), member); \
^~~~
net/netfilter/nft_ct.c:851:2: note: in expansion of macro
'list_for_each_entry'
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^~~
In file included from include/linux/kernel.h:10:0,
from net/netfilter/nft_ct.c:12:
net/netfilter/nft_ct.c:851:42: error: 'struct net' has no member named
'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/compiler.h:316:19: note: in definition of macro
'__compiletime_assert'
bool __cond = !(condition);\
^
include/linux/compiler.h:339:2: note: in expansion of macro
'_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~
include/linux/build_bug.h:45:37: note: in expansion of macro
'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~
include/linux/kernel.h:962:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
^~~~
include/linux/kernel.h:962:20: note: in expansion of macro '__same_type'
BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
^~~
include/linux/list.h:366:2: note: in expansion of macro 'container_of'
container_of(ptr, type, member)
^~~~
include/linux/list.h:377:2: note: in expansion of macro 'list_entry'
list_entry((ptr)->next, type, member)
^~
Re: [PATCH v3 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-094951
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-allyesconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from net//netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to
incomplete type 'struct sock'
switch (sk->sk_state) {
^~
include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared
(first use in this function); did you mean 'BPF_TCP_TIME_WAIT'?
case TCP_TIME_WAIT:
^
BPF_TCP_TIME_WAIT
include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is
reported only once for each function it appears in
>> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of
>> function 'inet_twsk'; did you mean 'idle_task'?
>> [-Werror=implicit-function-declaration]
return inet_twsk(sk)->tw_transparent;
^
idle_task
include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of
'->' (have 'int')
return inet_twsk(sk)->tw_transparent;
^~
include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared
(first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'?
case TCP_NEW_SYN_RECV:
^~~~
BPF_TCP_NEW_SYN_RECV
>> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of
>> function 'inet_rsk'; did you mean 'net_eq'?
>> [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
net_eq
include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of
function 'inet_reqsk'; did you mean 'net_eq'?
[-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
net_eq
include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of
'->' (have 'int')
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
>> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of
>> function 'inet_sk'; did you mean 'net_eq'?
>> [-Werror=implicit-function-declaration]
return inet_sk(sk)->transparent;
^~~
net_eq
include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of
'->' (have 'int')
return inet_sk(sk)->transparent;
^~
In file included from include/net/inet_sock.h:27:0,
from net//netfilter/nft_socket.c:8:
include/net/request_sock.h: At top level:
include/net/request_sock.h:72:100: error: conflicting types for 'inet_reqsk'
static inline struct request_sock *inet_reqsk(const struct sock *sk)
^
In file included from net//netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration
of 'inet_reqsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
In file included from net//netfilter/nft_socket.c:8:0:
include/net/inet_sock.h:107:105: error: conflicting types for 'inet_rsk'
static inline struct inet_request_sock *inet_rsk(const struct request_sock
*sk)
^
In file included from net//netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration
of 'inet_rsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
In file included from net//netfilter/nft_socket.c:8:0:
include/net/inet_sock.h:273:97: error: conflicting types for 'inet_sk'
static inline struct inet_sock *inet_sk(const struct sock *sk)
^
In file included from net//netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration
of 'inet_sk' was here
return inet_sk(sk)->transparent;
^~~
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of
non-void function [-Wreturn-type]
}
^
cc1: some warnings being treated as errors
vim +14
Re: [PATCH v3 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-094951
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: openrisc-allyesconfig (attached as .config)
compiler: or1k-linux-gcc (GCC) 6.0.0 20160327 (experimental)
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=openrisc
All errors (new ones prefixed by >>):
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to
incomplete type 'struct sock'
switch (sk->sk_state) {
^~
>> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared
>> (first use in this function)
case TCP_TIME_WAIT:
^
include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is
reported only once for each function it appears in
>> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of
>> function 'inet_twsk' [-Werror=implicit-function-declaration]
return inet_twsk(sk)->tw_transparent;
^
include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of
'->' (have 'int')
return inet_twsk(sk)->tw_transparent;
^~
>> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared
>> (first use in this function)
case TCP_NEW_SYN_RECV:
^~~~
>> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of
>> function 'inet_rsk' [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
>> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of
>> function 'inet_reqsk' [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of
'->' (have 'int')
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
>> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of
>> function 'inet_sk' [-Werror=implicit-function-declaration]
return inet_sk(sk)->transparent;
^~~
include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of
'->' (have 'int')
return inet_sk(sk)->transparent;
^~
In file included from include/net/inet_sock.h:27:0,
from net/netfilter/nft_socket.c:8:
include/net/request_sock.h: At top level:
include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk'
static inline struct request_sock *inet_reqsk(const struct sock *sk)
^~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration
of 'inet_reqsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
In file included from net/netfilter/nft_socket.c:8:0:
include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk'
static inline struct inet_request_sock *inet_rsk(const struct request_sock
*sk)
^~~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration
of 'inet_rsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
In file included from net/netfilter/nft_socket.c:8:0:
include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk'
static inline struct inet_sock *inet_sk(const struct sock *sk)
^~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration
of 'inet_sk' was here
return inet_sk(sk)->transparent;
^~~
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of
non-void function [-Wreturn-type]
}
^
cc1: some warnings being treated as errors
vim +/TCP_TIME_WAIT +13 include/net/netfilter/nf_socket.h
8db4c5be Pablo Neira Ayuso 2016-10-27 9
8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool
nf_sk_is_transparent(struct sock *sk)
8db4c5be Pablo Neira Ayuso 2016-10-27 11 {
8db4c5be Pablo Neira Ayuso 2016-10-27 @12 switch (sk->sk_state) {
8db4c5be Pablo Neira Ayuso 2016-10-27 @13
Re: [PATCH nf-next,v2] netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf/master]
[also build test WARNING on v4.17-rc7 next-20180531]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nft_fwd_netdev-allow-to-forward-packets-via-neighbour-layer/20180601-093630
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-allmodconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings
All warnings (new ones prefixed by >>):
net/netfilter/nft_fwd_netdev.c: In function 'nft_fwd_neigh_eval':
>> net/netfilter/nft_fwd_netdev.c:130:2: warning: 'neigh_table' may be used
>> uninitialized in this function [-Wmaybe-uninitialized]
neigh_xmit(neigh_table, dev, addr, skb);
^~~
vim +/neigh_table +130 net/netfilter/nft_fwd_netdev.c
76
77 static void nft_fwd_neigh_eval(const struct nft_expr *expr,
78struct nft_regs *regs,
79const struct nft_pktinfo *pkt)
80 {
81 struct nft_fwd_neigh *priv = nft_expr_priv(expr);
82 void *addr = >data[priv->sreg_addr];
83 int oif = regs->data[priv->sreg_dev];
84 unsigned int verdict = NF_STOLEN;
85 struct sk_buff *skb = pkt->skb;
86 struct net_device *dev;
87 int neigh_table;
88
89 dev = dev_get_by_index_rcu(nft_net(pkt), oif);
90 if (dev == NULL)
91 return;
92
93 skb->dev = dev;
94
95 switch (priv->nfproto) {
96 case NFPROTO_IPV4: {
97 struct iphdr *iph;
98
99 if (skb->protocol != htons(ETH_P_IP)) {
100 verdict = NFT_BREAK;
101 goto out;
102 }
103 if (skb_try_make_writable(skb, sizeof(*iph))) {
104 verdict = NF_DROP;
105 goto out;
106 }
107 iph = ip_hdr(skb);
108 ip_decrease_ttl(iph);
109 neigh_table = NEIGH_ARP_TABLE;
110 break;
111 }
112 case NFPROTO_IPV6: {
113 struct ipv6hdr *ip6h;
114
115 if (skb->protocol != htons(ETH_P_IPV6)) {
116 verdict = NFT_BREAK;
117 goto out;
118 }
119 if (skb_try_make_writable(skb, sizeof(*ip6h))) {
120 verdict = NF_DROP;
121 goto out;
122 }
123 ip6h = ipv6_hdr(skb);
124 ip6h->hop_limit--;
125 neigh_table = NEIGH_ND_TABLE;
126 break;
127 }
128 }
129
> 130 neigh_xmit(neigh_table, dev, addr, skb);
131 out:
132 regs->verdict.code = verdict;
133 }
134
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH v2 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-080238
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-allmodconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
>> include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to
>> incomplete type 'struct sock'
switch (sk->sk_state) {
^~
>> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared
>> (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'?
case TCP_TIME_WAIT:
^
BPF_TCP_TIME_WAIT
include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is
reported only once for each function it appears in
>> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of
>> function 'inet_twsk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_twsk(sk)->tw_transparent;
^
in_task
>> include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of
>> '->' (have 'int')
return inet_twsk(sk)->tw_transparent;
^~
>> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared
>> (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'?
case TCP_NEW_SYN_RECV:
^~~~
BPF_TCP_NEW_SYN_RECV
>> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of
>> function 'inet_rsk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
in_task
>> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of
>> function 'inet_reqsk'; did you mean 'net_eq'?
>> [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
net_eq
include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of
'->' (have 'int')
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
>> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of
>> function 'inet_sk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_sk(sk)->transparent;
^~~
in_task
include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of
'->' (have 'int')
return inet_sk(sk)->transparent;
^~
In file included from include/net/inet_sock.h:27:0,
from net/netfilter/nft_socket.c:8:
include/net/request_sock.h: At top level:
>> include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk'
static inline struct request_sock *inet_reqsk(const struct sock *sk)
^~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration
of 'inet_reqsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
In file included from net/netfilter/nft_socket.c:8:0:
>> include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk'
static inline struct inet_request_sock *inet_rsk(const struct request_sock
*sk)
^~~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration
of 'inet_rsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
In file included from net/netfilter/nft_socket.c:8:0:
>> include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk'
static inline struct inet_sock *inet_sk(const struct sock *sk)
^~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration
of 'inet_sk' was here
return inet_sk(sk)->transparent;
^~~
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of
non-void function [-Wreturn-type]
}
^
cc1: some warnings being treated as errors
vim +12 include/net/netfilter/nf_socket.h
8db4c5be Pablo Neira Ayuso 2016-10-27 9
8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool
nf_sk_is_transparent(struct sock *sk)
8db4c5be Pablo
Re: [PATCH nf-next 2/8] netfilter: nf_tables: nf_tables_gettable: use call_rcu
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-make-get-and-dump-operations-lockless/20180529-071211 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_tables_api.c:1193:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1193:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1193:31:got void * net/netfilter/nf_tables_api.c:1196:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1196:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1196:31:got void * net/netfilter/nf_tables_api.c:1200:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1200:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1200:31:got void * net/netfilter/nf_tables_api.c:1223:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1223:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1472:23: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats *stats @@got struct nft_stats struct nft_stats *stats @@ net/netfilter/nf_tables_api.c:1480:29: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:1484:38: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats [noderef] *stats @@got [noderef] *stats @@ net/netfilter/nf_tables_api.c:1498:37: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:2772:16: sparse: incorrect type in return expression (different base types) @@expected unsigned long long @@got restricted unsigned long long @@ net/netfilter/nf_tables_api.c:2822:47: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3481:47: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3495:55: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ >> include/linux/rcupdate.h:686:9: sparse: context imbalance in >> 'nft_netlink_dump_start_rcu' - unexpected unlock vim +/nft_netlink_dump_start_rcu +686 include/linux/rcupdate.h ^1da177e4 Linus Torvalds 2005-04-16 636 ^1da177e4 Linus Torvalds 2005-04-16 637 /* ^1da177e4 Linus Torvalds 2005-04-16 638 * So where is rcu_write_lock()? It does not exist, as there is no ^1da177e4 Linus Torvalds 2005-04-16 639 * way for writers to lock out RCU readers. This is a feature, not ^1da177e4 Linus Torvalds 2005-04-16 640 * a bug -- this property is what provides RCU's performance benefits. ^1da177e4 Linus Torvalds 2005-04-16 641 * Of course, writers must coordinate with each other. The normal ^1da177e4 Linus Torvalds 2005-04-16 642 * spinlock primitives work well for this, but any other technique may be ^1da177e4 Linus Torvalds 2005-04-16 643 * used as well. RCU does not care how the writers keep out of each ^1da177e4 Linus Torvalds 2005-04-16 644 * others' way, as long as they do so. ^1da177e4 Linus Torvalds 2005-04-16 645 */ 3d76c0829 Paul E. McKenney 2009-09-28 646 3d76c0829 Paul E. McKenney 2009-09-28 647 /** ca5ecddfa Paul E. McKenney 2010-04-28 648 * rcu_read_unlock() - marks the end of an RCU read-side critical section. 3d76c0829 Paul E. McKenney 2009-09-28 649 * f27bc4873 Paul E. McKenney 2014-05-04 650 * In most situations, rcu_read_unlock() is immune from deadlock. f27bc4873 Paul E. McKenney 2014-05-04 651 * However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock() f27bc4873 Paul E. McKenney 2014-05-04 652 * is responsible for deboosting, which it does via rt_mutex_unlock(). f27bc4873 Paul E. McKenney 2014-05-04 653 * Unfortunately, this function acquires the scheduler's runqueue and f27bc4873 Paul E.
[RFC PATCH] netfilter: nft: nft_socket_type can be static
Fixes: 809f719f9b3f ("netfilter: nft: add support for native socket matching")
Signed-off-by: kbuild test robot
---
nft_socket.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 5eb1069..3429a2e 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -108,7 +108,7 @@ static int nft_socket_dump(struct sk_buff *skb,
return 0;
}
-struct nft_expr_type nft_socket_type;
+static struct nft_expr_type nft_socket_type;
static const struct nft_expr_ops nft_socket_ops = {
.type = _socket_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_socket)),
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180529-064304
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
include/net/netfilter/nf_socket.h:12:19: sparse: no member 'sk_state' in
struct sock
include/net/netfilter/nf_socket.h:13:14: sparse: undefined identifier
'TCP_TIME_WAIT'
include/net/netfilter/nf_socket.h:14:24: sparse: undefined identifier
'inet_twsk'
include/net/netfilter/nf_socket.h:15:14: sparse: undefined identifier
'TCP_NEW_SYN_RECV'
include/net/netfilter/nf_socket.h:16:24: sparse: undefined identifier
'inet_rsk'
include/net/netfilter/nf_socket.h:18:24: sparse: undefined identifier
'inet_sk'
>> include/net/netfilter/nf_socket.h:13:14: sparse: incompatible types for
>> 'case' statement
include/net/netfilter/nf_socket.h:15:14: sparse: incompatible types for
'case' statement
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32
>> net/netfilter/nft_socket.c:104:47: sparse: incorrect type in argument 3
>> (different base types) @@expected unsigned int [unsigned] [usertype]
>> value @@got ed int [unsigned] [usertype] value @@
net/netfilter/nft_socket.c:104:47:expected unsigned int [unsigned]
[usertype] value
net/netfilter/nft_socket.c:104:47:got restricted __be32 [usertype]
>> net/netfilter/nft_socket.c:111:22: sparse: symbol 'nft_socket_type' was not
>> declared. Should it be static?
include/net/netfilter/nf_socket.h:13:14: sparse: Expected constant
expression in case statement
include/net/netfilter/nf_socket.h:15:14: sparse: Expected constant
expression in case statement
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to
incomplete type 'struct sock'
switch (sk->sk_state) {
^~
include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared
(first use in this function); did you mean 'BPF_TCP_TIME_WAIT'?
case TCP_TIME_WAIT:
^
BPF_TCP_TIME_WAIT
include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is
reported only once for each function it appears in
include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of
function 'inet_twsk'; did you mean 'in_task'?
[-Werror=implicit-function-declaration]
return inet_twsk(sk)->tw_transparent;
^
in_task
include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of
'->' (have 'int')
return inet_twsk(sk)->tw_transparent;
^~
include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared
(first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'?
case TCP_NEW_SYN_RECV:
^~~~
BPF_TCP_NEW_SYN_RECV
include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of
function 'inet_rsk'; did you mean 'in_task'?
[-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
in_task
include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of
function 'inet_reqsk'; did you mean 'net_eq'?
[-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
net_eq
include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of
'->' (have 'int')
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of
function 'inet_sk'; did you mean 'in_task'?
[-Werror=implicit-function-declaration]
return inet_sk(sk)->transparent;
^~~
in_task
include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of
'->' (have 'int')
return inet_sk(sk)->transparent;
^~
In file included from include/net/inet_sock.h:27:0,
from net/netfilter/nft_socket.c:8:
include/net/request_sock.h: At top level:
include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk'
static inline struct
Re: [PATCH nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180529-064304
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-allmodconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All error/warnings (new ones prefixed by >>):
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
>> include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to
>> incomplete type 'struct sock'
switch (sk->sk_state) {
^~
>> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared
>> (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'?
case TCP_TIME_WAIT:
^
BPF_TCP_TIME_WAIT
include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is
reported only once for each function it appears in
>> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of
>> function 'inet_twsk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_twsk(sk)->tw_transparent;
^
in_task
>> include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of
>> '->' (have 'int')
return inet_twsk(sk)->tw_transparent;
^~
>> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared
>> (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'?
case TCP_NEW_SYN_RECV:
^~~~
BPF_TCP_NEW_SYN_RECV
>> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of
>> function 'inet_rsk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
in_task
>> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of
>> function 'inet_reqsk'; did you mean 'net_eq'?
>> [-Werror=implicit-function-declaration]
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
net_eq
include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of
'->' (have 'int')
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
>> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of
>> function 'inet_sk'; did you mean 'in_task'?
>> [-Werror=implicit-function-declaration]
return inet_sk(sk)->transparent;
^~~
in_task
include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of
'->' (have 'int')
return inet_sk(sk)->transparent;
^~
In file included from include/net/inet_sock.h:27:0,
from net/netfilter/nft_socket.c:8:
include/net/request_sock.h: At top level:
>> include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk'
static inline struct request_sock *inet_reqsk(const struct sock *sk)
^~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration
of 'inet_reqsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~
In file included from net/netfilter/nft_socket.c:8:0:
>> include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk'
static inline struct inet_request_sock *inet_rsk(const struct request_sock
*sk)
^~~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration
of 'inet_rsk' was here
return inet_rsk(inet_reqsk(sk))->no_srccheck;
^~~~
In file included from net/netfilter/nft_socket.c:8:0:
>> include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk'
static inline struct inet_sock *inet_sk(const struct sock *sk)
^~~
In file included from net/netfilter/nft_socket.c:7:0:
include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration
of 'inet_sk' was here
return inet_sk(sk)->transparent;
^~~
include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent':
>> include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of
>> non-void function [-Wreturn-type]
}
^
cc1: some warnings being treated as errors
vim +12 include/net/netfilter/nf_socket.h
8db4c5be Pablo Neira Ayuso 2016-10-27 9
8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool
nf_sk_is_transparent(struct sock *sk)
Re: [PATCH net-next 2/2] ipvs: add ipv6 support to ftp
Hi Julian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
url:
https://github.com/0day-ci/linux/commits/Julian-Anastasov/Add-IPv6-support-to-IPVS-FTP-NAT/20180525-153345
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/ipvs/ip_vs_ftp.c:399:24: sparse: Using plain integer as NULL
>> pointer
net/netfilter/ipvs/ip_vs_ftp.c:533:24: sparse: Using plain integer as NULL
pointer
vim +399 net/netfilter/ipvs/ip_vs_ftp.c
239
240 /* Look at outgoing ftp packets to catch the response to a PASV/EPSV
command
241 * from the server (inside-to-outside).
242 * When we see one, we build a connection entry with the client address,
243 * client port 0 (unknown at the moment), the server address and the
244 * server port. Mark the current connection entry as a control channel
245 * of the new entry. All this work is just to make the data connection
246 * can be scheduled to the right server later.
247 *
248 * The outgoing packet should be something like
249 * "227 Entering Passive Mode (xxx,xxx,xxx,xxx,ppp,ppp)".
250 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port
number.
251 * The extended format for EPSV response provides usually only port:
252 * "229 Entering Extended Passive Mode (|||ppp|)"
253 */
254 static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
255 struct sk_buff *skb, int *diff,
256 struct ip_vs_iphdr *ipvsh)
257 {
258 char *data, *data_limit;
259 char *start, *end;
260 union nf_inet_addr from;
261 __be16 port;
262 struct ip_vs_conn *n_cp;
263 char buf[24]; /* xxx.xxx.xxx.xxx,ppp,ppp\000 */
264 unsigned int buf_len;
265 int ret = 0;
266 enum ip_conntrack_info ctinfo;
267 struct nf_conn *ct;
268
269 *diff = 0;
270
271 /* Only useful for established sessions */
272 if (cp->state != IP_VS_TCP_S_ESTABLISHED)
273 return 1;
274
275 /* Linear packets are much easier to deal with. */
276 if (!skb_make_writable(skb, skb->len))
277 return 0;
278
279 if (cp->app_data == (void *) IP_VS_FTP_PASV) {
280 data = ip_vs_ftp_data_ptr(skb, ipvsh);
281 data_limit = skb_tail_pointer(skb);
282
283 if (!data || data >= data_limit)
284 return 1;
285
286 if (ip_vs_ftp_get_addrport(data, data_limit,
287 SERVER_STRING_PASV,
288 sizeof(SERVER_STRING_PASV)-1,
289 '(', false, IP_VS_FTP_PASV,
290 , , cp->af,
291 , ) != 1)
292 return 1;
293
294 IP_VS_DBG(7, "PASV response (%pI4:%u) -> %pI4:%u
detected\n",
295, ntohs(port), >caddr.ip, 0);
296 } else if (cp->app_data == (void *) IP_VS_FTP_EPSV) {
297 data = ip_vs_ftp_data_ptr(skb, ipvsh);
298 data_limit = skb_tail_pointer(skb);
299
300 if (!data || data >= data_limit)
301 return 1;
302
303 /* Usually, data address is not specified but
304 * we support different address, so pre-set it.
305 */
306 from = cp->daddr;
307 if (ip_vs_ftp_get_addrport(data, data_limit,
308 SERVER_STRING_EPSV,
309 sizeof(SERVER_STRING_EPSV)-1,
310 '(', true, IP_VS_FTP_EPSV,
311 , , cp->af,
312 , ) != 1)
313 return 1;
314
315 IP_VS_DBG_BUF(7, "EPSV response (%s:%u) -> %s:%u
detected\n",
316IP_VS_DBG_ADDR(cp->af, ),
ntohs(port),
317IP_VS_DBG_ADDR(cp->af, >caddr), 0);
318 } else {
319 return 1;
320 }
321
322 /* Now update or create a connection entry for it */
323 {
324 struct ip_vs_conn_param p;
325
326 ip_vs_conn_fill_param(cp->ipvs, cp->af,
327
[PATCH] netfilter: nft_numgen: fix ptr_ret.cocci warnings
From: kbuild test robot <fengguang...@intel.com>
net/netfilter/nft_numgen.c:117:1-3: WARNING: PTR_ERR_OR_ZERO can be used
Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR
Generated by: scripts/coccinelle/api/ptr_ret.cocci
Fixes: d734a2888922 ("netfilter: nft_numgen: add map lookups for numgen
statements")
CC: Laura Garcia Liebana <nev...@gmail.com>
Signed-off-by: kbuild test robot <fengguang...@intel.com>
---
nft_numgen.c |5 +
1 file changed, 1 insertion(+), 4 deletions(-)
--- a/net/netfilter/nft_numgen.c
+++ b/net/netfilter/nft_numgen.c
@@ -114,10 +114,7 @@ static int nft_ng_inc_map_init(const str
tb[NFTA_NG_SET_NAME],
tb[NFTA_NG_SET_ID], genmask);
- if (IS_ERR(priv->map))
- return PTR_ERR(priv->map);
-
- return 0;
+ return PTR_ERR_OR_ZERO(priv->map);
}
static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg,
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 4/18] net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 0c6bca747111dee19aa48c8f73d77fc85fcb8dd0 commit: b9ccc07e3f31ad8073697982bac014fbceef7ecb [4/18] netfilter: nft_hash: add map lookups for hashing operations coccinelle warnings: (new ones prefixed by >>) >> net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used net/netfilter/nft_hash.c:223:1-3: WARNING: PTR_ERR_OR_ZERO can be used Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: nft_hash: fix ptr_ret.cocci warnings
From: kbuild test robot <fengguang...@intel.com>
net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used
net/netfilter/nft_hash.c:223:1-3: WARNING: PTR_ERR_OR_ZERO can be used
Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR
Generated by: scripts/coccinelle/api/ptr_ret.cocci
Fixes: b9ccc07e3f31 ("netfilter: nft_hash: add map lookups for hashing
operations")
CC: Laura Garcia Liebana <nev...@gmail.com>
Signed-off-by: kbuild test robot <fengguang...@intel.com>
---
nft_hash.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -177,10 +177,7 @@ static int nft_jhash_map_init(const stru
priv->map = nft_set_lookup_global(ctx->net, ctx->table,
tb[NFTA_HASH_SET_NAME],
tb[NFTA_HASH_SET_ID], genmask);
- if (IS_ERR(priv->map))
- return PTR_ERR(priv->map);
-
- return 0;
+ return PTR_ERR_OR_ZERO(priv->map);
}
static int nft_symhash_init(const struct nft_ctx *ctx,
@@ -220,10 +217,7 @@ static int nft_symhash_map_init(const st
priv->map = nft_set_lookup_global(ctx->net, ctx->table,
tb[NFTA_HASH_SET_NAME],
tb[NFTA_HASH_SET_ID], genmask);
- if (IS_ERR(priv->map))
- return PTR_ERR(priv->map);
-
- return 0;
+ return PTR_ERR_OR_ZERO(priv->map);
}
static int nft_jhash_dump(struct sk_buff *skb,
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next,v3 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc5]
[cannot apply to nf/master next-20180517]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180518-093914
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: arm64-defconfig (attached as .config)
compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm64
All errors (new ones prefixed by >>):
net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update':
>> net//netfilter/nf_conntrack_core.c:1656:36: error: 'struct nf_conn' has no
>> member named 'zone'
h = nf_conntrack_find_get(net, >zone, );
^~
vim +1656 net//netfilter/nf_conntrack_core.c
1609
1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb)
1611 {
1612 const struct nf_conntrack_l3proto *l3proto;
1613 const struct nf_conntrack_l4proto *l4proto;
1614 struct nf_conntrack_tuple_hash *h;
1615 struct nf_conntrack_tuple tuple;
1616 enum ip_conntrack_info ctinfo;
1617 struct nf_nat_hook *nat_hook;
1618 unsigned int dataoff, status;
1619 struct nf_conn *ct;
1620 u16 l3num;
1621 u8 l4num;
1622
1623 ct = nf_ct_get(skb, );
1624 if (!ct || nf_ct_is_confirmed(ct))
1625 return 0;
1626
1627 l3num = nf_ct_l3num(ct);
1628 l3proto = nf_ct_l3proto_find_get(l3num);
1629
1630 if (l3proto->get_l4proto(skb, skb_network_offset(skb), ,
1631 ) <= 0)
1632 return -1;
1633
1634 l4proto = nf_ct_l4proto_find_get(l3num, l4num);
1635
1636 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff,
l3num,
1637 l4num, net, , l3proto, l4proto))
1638 return -1;
1639
1640 if (ct->status & IPS_SRC_NAT) {
1641 memcpy(tuple.src.u3.all,
1642
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all,
1643 sizeof(tuple.src.u3.all));
1644 tuple.src.u.all =
1645
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all;
1646 }
1647
1648 if (ct->status & IPS_DST_NAT) {
1649 memcpy(tuple.dst.u3.all,
1650
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all,
1651 sizeof(tuple.dst.u3.all));
1652 tuple.dst.u.all =
1653
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all;
1654 }
1655
> 1656 h = nf_conntrack_find_get(net, >zone, );
1657 if (!h)
1658 return 0;
1659
1660 /* Store status bits of the conntrack that is clashing to re-do
NAT
1661 * mangling according to what it has been done already to this
packet.
1662 */
1663 status = ct->status;
1664
1665 nf_ct_put(ct);
1666 ct = nf_ct_tuplehash_to_ctrack(h);
1667 nf_ct_set(skb, ct, ctinfo);
1668
1669 nat_hook = rcu_dereference(nf_nat_hook);
1670 if (!nat_hook)
1671 return 0;
1672
1673 if (status & IPS_SRC_NAT &&
1674 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC,
1675 IP_CT_DIR_ORIGINAL) == NF_DROP)
1676 return -1;
1677
1678 if (status & IPS_DST_NAT &&
1679 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST,
1680 IP_CT_DIR_ORIGINAL) == NF_DROP)
1681 return -1;
1682
1683 return 0;
1684 }
1685
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next,v3 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180517] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180518-093914 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: mips-fuloong2e_defconfig (attached as .config) compiler: mips64el-linux-gnuabi64-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=mips All errors (new ones prefixed by >>): >> ERROR: "nf_ct_hook" [net/netfilter/nfnetlink_queue.ko] undefined! --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next,v2 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc5]
[cannot apply to nf/master next-20180516]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-u0-05170929 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/nfnetlink_queue.c: In function 'nfqnl_reinject':
>> net/netfilter/nfnetlink_queue.c:237:7: error: implicit declaration of
>> function 'nf_ct_get' [-Werror=implicit-function-declaration]
ct = nf_ct_get(entry->skb, );
^
net/netfilter/nfnetlink_queue.c:237:5: warning: assignment makes pointer
from integer without a cast [-Wint-conversion]
ct = nf_ct_get(entry->skb, );
^
>> net/netfilter/nfnetlink_queue.c:238:13: error: implicit declaration of
>> function 'nf_ct_is_confirmed' [-Werror=implicit-function-declaration]
if (ct && !nf_ct_is_confirmed(ct) &&
^
cc1: some warnings being treated as errors
vim +/nf_ct_get +237 net/netfilter/nfnetlink_queue.c
229
230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
231 {
232 enum ip_conntrack_info ctinfo;
233 struct nf_ct_hook *ct_hook;
234 struct nf_conn *ct;
235 int err;
236
> 237 ct = nf_ct_get(entry->skb, );
> 238 if (ct && !nf_ct_is_confirmed(ct) &&
239 (verdict == NF_ACCEPT || verdict == NF_STOP)) {
240 rcu_read_lock();
241 ct_hook = rcu_dereference(nf_ct_hook);
242 if (ct_hook) {
243 err = ct_hook->update(entry->state.net,
entry->skb,
244ct, ctinfo);
245 if (err < 0)
246 verdict = NF_DROP;
247 }
248 rcu_read_unlock();
249 }
250
251 nf_reinject(entry, verdict);
252 }
253
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next,v2 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc5]
[cannot apply to nf/master next-20180516]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-n0-201819 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/linux/netfilter/x_tables.h: In function 'xt_net':
>> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to
>> incomplete type 'const struct nf_hook_state'
return par->state->net;
^~
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/linux/netfilter/x_tables.h: At top level:
>> include/linux/netfilter/x_tables.h:450:64: error: unknown type name
>> 'nf_hookfn'
struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *);
^
In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/net/netfilter/nf_conntrack_tuple.h: In function
'__nf_ct_tuple_src_equal':
>> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit
>> declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'?
>> [-Werror=implicit-function-declaration]
return (nf_inet_addr_cmp(>src.u3, >src.u3) &&
^~~~
inet_addr_type
In file included from include/net/netfilter/nf_nat_core.h:5:0,
from net/xfrm/xfrm_policy.c:36:
include/net/netfilter/nf_conntrack.h: At top level:
>> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has
>> incomplete type
struct nf_conntrack ct_general;
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
>> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff'
>> has no member named '_nfct'
*ctinfo = skb->_nfct & NFCT_INFOMASK;
^~
include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff'
has no member named '_nfct'
return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of
>> function 'nf_conntrack_put'; did you mean 'nf_ct_put'?
>> [-Werror=implicit-function-declaration]
nf_conntrack_put(>ct_general);
^~~~
nf_ct_put
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
>> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no
>> member named '_nfct'
skb->_nfct = (unsigned long)ct | info;
^~
cc1: some warnings being treated as errors
vim +148 include/net/netfilter/nf_conntrack.h
f8eb24a89a Patrick McHardy2006-11-29 49
ea781f197d Eric Dumazet 2009-03-25 50 struct nf_conn {
f330a7fdbe Florian Westphal 2016-08-25 51 /* Usage count in here
is 1 for hash table, 1 per skb,
b476b72a0f Jesper Dangaard Brouer 2014-03-03 52* plus 1 for any
connection(s) we are `master' for
b476b72a0f Jesper Dangaard Brouer 2014-03-03 53*
a9e419dc7b Florian Westphal 2017-01-23 54* Hint, SKB address
this struct and refcnt via skb->_nfct and
b476b72a0f Jesper Dangaard Brouer 2014-03-03 55* helpers
nf_conntrack_get() and nf_conntrack_put().
b476b72a0f Jesper Dangaard Brouer 2014-03-03 56* Helper nf_ct_put()
equals nf_conntrack_put() by dec refcnt,
b476b72a0f Jesper Dangaard Brouer 2014-03-03 57* beware nf_ct_get()
is different and don't inc refcnt.
b476b72a0f Jesper Dangaard Brouer 2014-03-03 58*/
9fb9cbb108 Yasuyuki Kozakai 2005-11-09 @59 struct nf_conntrack
Re: [PATCH nf-next,v2 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc5]
[cannot apply to nf/master next-20180516]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: i386-randconfig-s1-201819 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/linux/netfilter/x_tables.h: In function 'xt_net':
include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to
incomplete type 'const struct nf_hook_state'
return par->state->net;
^~
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/linux/netfilter/x_tables.h: At top level:
include/linux/netfilter/x_tables.h:450:64: error: unknown type name
'nf_hookfn'
struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *);
^
In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:36:
include/net/netfilter/nf_conntrack_tuple.h: In function
'__nf_ct_tuple_src_equal':
>> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit
>> declaration of function 'nf_inet_addr_cmp'
>> [-Werror=implicit-function-declaration]
return (nf_inet_addr_cmp(>src.u3, >src.u3) &&
^~~~
In file included from include/net/netfilter/nf_nat_core.h:5:0,
from net/xfrm/xfrm_policy.c:36:
include/net/netfilter/nf_conntrack.h: At top level:
include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has
incomplete type
struct nf_conntrack ct_general;
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff'
has no member named '_nfct'
*ctinfo = skb->_nfct & NFCT_INFOMASK;
^~
include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff'
has no member named '_nfct'
return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of
>> function 'nf_conntrack_put' [-Werror=implicit-function-declaration]
nf_conntrack_put(>ct_general);
^~~~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no
member named '_nfct'
skb->_nfct = (unsigned long)ct | info;
^~
cc1: some warnings being treated as errors
vim +/nf_inet_addr_cmp +127 include/net/netfilter/nf_conntrack_tuple.h
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 123
5f2b4c90 Jan Engelhardt 2008-04-14 124 static inline bool
__nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 125
const struct nf_conntrack_tuple *t2)
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 126 {
b8beedd2 Patrick McHardy 2008-03-25 @127 return
(nf_inet_addr_cmp(>src.u3, >src.u3) &&
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 128 t1->src.u.all ==
t2->src.u.all &&
380517de Patrick McHardy 2008-01-31 129 t1->src.l3num ==
t2->src.l3num);
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 130 }
9fb9cbb1 Yasuyuki Kozakai 2005-11-09 131
:: The code at line 127 was first introduced by commit
:: b8beedd25d3913d45b8330a08ab88fdf90eb54b8 [NETFILTER]: Add
nf_inet_addr_cmp()
:: TO: Patrick McHardy
:: CC: David S. Miller
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel
Re: [PATCH nf-next,v2 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc5]
[cannot apply to nf/master next-20180516]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-acpi-redef (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
net/netfilter/nfnetlink_queue.c: In function 'nfqnl_reinject':
>> net/netfilter/nfnetlink_queue.c:237:7: error: implicit declaration of
>> function 'nf_ct_get'; did you mean 'sk_dst_get'?
>> [-Werror=implicit-function-declaration]
ct = nf_ct_get(entry->skb, );
^
sk_dst_get
>> net/netfilter/nfnetlink_queue.c:237:5: warning: assignment makes pointer
>> from integer without a cast [-Wint-conversion]
ct = nf_ct_get(entry->skb, );
^
>> net/netfilter/nfnetlink_queue.c:238:13: error: implicit declaration of
>> function 'nf_ct_is_confirmed'; did you mean 'sk_dst_confirm'?
>> [-Werror=implicit-function-declaration]
if (ct && !nf_ct_is_confirmed(ct) &&
^~
sk_dst_confirm
cc1: some warnings being treated as errors
vim +237 net/netfilter/nfnetlink_queue.c
229
230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
231 {
232 enum ip_conntrack_info ctinfo;
233 struct nf_ct_hook *ct_hook;
234 struct nf_conn *ct;
235 int err;
236
> 237 ct = nf_ct_get(entry->skb, );
> 238 if (ct && !nf_ct_is_confirmed(ct) &&
239 (verdict == NF_ACCEPT || verdict == NF_STOP)) {
240 rcu_read_lock();
241 ct_hook = rcu_dereference(nf_ct_hook);
242 if (ct_hook) {
243 err = ct_hook->update(entry->state.net,
entry->skb,
244ct, ctinfo);
245 if (err < 0)
246 verdict = NF_DROP;
247 }
248 rcu_read_unlock();
249 }
250
251 nf_reinject(entry, verdict);
252 }
253
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH ghak81 V3 3/3] audit: collect audit task parameters
Hi Richard,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on next-20180516]
[cannot apply to linus/master tip/sched/core v4.17-rc5 v4.17-rc4 v4.17-rc3
v4.17-rc5]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-group-task-params/20180517-090703
config: i386-tinyconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
kernel/fork.c: In function 'copy_process':
>> kernel/fork.c:1739:3: error: 'struct task_struct' has no member named 'audit'
p->audit = NULL;
^~
vim +1739 kernel/fork.c
1728
1729 p->default_timer_slack_ns = current->timer_slack_ns;
1730
1731 task_io_accounting_init(>ioac);
1732 acct_clear_integrals(p);
1733
1734 posix_cpu_timers_init(p);
1735
1736 p->start_time = ktime_get_ns();
1737 p->real_start_time = ktime_get_boot_ns();
1738 p->io_context = NULL;
> 1739 p->audit = NULL;
1740 cgroup_fork(p);
1741 #ifdef CONFIG_NUMA
1742 p->mempolicy = mpol_dup(p->mempolicy);
1743 if (IS_ERR(p->mempolicy)) {
1744 retval = PTR_ERR(p->mempolicy);
1745 p->mempolicy = NULL;
1746 goto bad_fork_cleanup_threadgroup_lock;
1747 }
1748 #endif
1749 #ifdef CONFIG_CPUSETS
1750 p->cpuset_mem_spread_rotor = NUMA_NO_NODE;
1751 p->cpuset_slab_spread_rotor = NUMA_NO_NODE;
1752 seqcount_init(>mems_allowed_seq);
1753 #endif
1754 #ifdef CONFIG_TRACE_IRQFLAGS
1755 p->irq_events = 0;
1756 p->hardirqs_enabled = 0;
1757 p->hardirq_enable_ip = 0;
1758 p->hardirq_enable_event = 0;
1759 p->hardirq_disable_ip = _THIS_IP_;
1760 p->hardirq_disable_event = 0;
1761 p->softirqs_enabled = 1;
1762 p->softirq_enable_ip = _THIS_IP_;
1763 p->softirq_enable_event = 0;
1764 p->softirq_disable_ip = 0;
1765 p->softirq_disable_event = 0;
1766 p->hardirq_context = 0;
1767 p->softirq_context = 0;
1768 #endif
1769
1770 p->pagefault_disabled = 0;
1771
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[RFC PATCH] net: sched: __tcf_idr_check() can be static
Fixes: 446adedb5339 ("net: sched: always take reference to action")
Signed-off-by: Fengguang Wu
---
act_api.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 9459cce..27e80cf 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -284,8 +284,8 @@ int tcf_generic_walker(struct tc_action_net *tn, struct
sk_buff *skb,
}
EXPORT_SYMBOL(tcf_generic_walker);
-bool __tcf_idr_check(struct tc_action_net *tn, u32 index, struct tc_action **a,
-int bind)
+static bool __tcf_idr_check(struct tc_action_net *tn, u32 index, struct
tc_action **a,
+ int bind)
{
struct tcf_idrinfo *idrinfo = tn->idrinfo;
struct tc_action *p;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 05/14] net: sched: always take reference to action
Hi Vlad, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on net/master] [also build test WARNING on v4.17-rc5 next-20180514] [cannot apply to net-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Vlad-Buslov/Modify-action-API-for-implementing-lockless-actions/20180515-025420 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/sched/act_api.c:71:15: sparse: incorrect type in initializer (different address spaces) @@expected struct tc_cookie [noderef] *__ret @@ got [noderef] *__ret @@ net/sched/act_api.c:71:15:expected struct tc_cookie [noderef] *__ret net/sched/act_api.c:71:15:got struct tc_cookie *new_cookie net/sched/act_api.c:71:13: sparse: incorrect type in assignment (different address spaces) @@expected struct tc_cookie *old @@got struct tc_cookie [noderef] *[assigned] __ret >> net/sched/act_api.c:287:6: sparse: symbol '__tcf_idr_check' was not >> declared. Should it be static? net/sched/act_api.c:144:48: sparse: dereference of noderef expression Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
net/xfrm/xfrm_policy.c:592:22: sparse: incorrect type in assignment
(different address spaces) @@expected struct hlist_head *odst @@got
struct hlist_headstruct hlist_head *odst @@
net/xfrm/xfrm_policy.c:592:22:expected struct hlist_head *odst
net/xfrm/xfrm_policy.c:592:22:got struct hlist_head [noderef]
*table
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
include/net/netfilter/nf_nat_core.h:44:20:expected void const volatile *p
include/net/netfilter/nf_nat_core.h:44:20:got struct nf_nat_hook
*[noderef] *
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
include/net/netfilter/nf_nat_core.h:44:20:expected void const volatile *p
include/net/netfilter/nf_nat_core.h:44:20:got struct nf_nat_hook
*[noderef] *
>> include/net/netfilter/nf_nat_core.h:44:20: sparse: incompatible types in
>> comparison expression (different address spaces)
net/xfrm/xfrm_policy.c:2808:43: sparse: incompatible types in comparison
expression (different address spaces)
net/xfrm/xfrm_policy.c:2879:29: sparse: incorrect type in assignment
(different address spaces) @@expected struct hlist_head [noderef]
*table @@got [noderef] *table @@
net/xfrm/xfrm_policy.c:2879:29:expected struct hlist_head [noderef]
*table
net/xfrm/xfrm_policy.c:2879:29:got struct hlist_head *
net/xfrm/xfrm_policy.c:2905:36: sparse: incorrect type in argument 1
(different address spaces) @@expected struct hlist_head *n @@got struct
hlist_headstruct hlist_head *n @@
net/xfrm/xfrm_policy.c:2905:36:expected struct hlist_head *n
net/xfrm/xfrm_policy.c:2905:36:got struct hlist_head [noderef]
*table
net/xfrm/xfrm_policy.c:2932:17: sparse: incorrect type in argument 1
(different address spaces) @@expected struct hlist_head const *h @@got
struct hlisstruct hlist_head const *h @@
net/xfrm/xfrm_policy.c:2932:17:expected struct hlist_head const *h
net/xfrm/xfrm_policy.c:2932:17:got struct hlist_head [noderef]
*table
net/xfrm/xfrm_policy.c:2933:36: sparse: incorrect type in argument 1
(different address spaces) @@expected struct hlist_head *n @@got struct
hlist_headstruct hlist_head *n @@
net/xfrm/xfrm_policy.c:2933:36:expected struct hlist_head *n
net/xfrm/xfrm_policy.c:2933:36:got struct hlist_head [noderef]
*table
net/xfrm/xfrm_policy.c:109:40: sparse: context imbalance in
'xfrm_policy_get_afinfo' - different lock contexts for basic block
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'__xfrm_dst_lookup' - unexpected unlock
net/xfrm/xfrm_policy.c:900:25: sparse: dereference of noderef expression
net/xfrm/xfrm_policy.c:958:25: sparse: dereference of noderef expression
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'xfrm_get_saddr' - unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_get_tos'
- unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'xfrm_bundle_create' - unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'xfrm_create_dummy_bundle' - unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'make_blackhole' - unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'__xfrm_decode_session' - unexpected unlock
vim +44 include/net/netfilter/nf_nat_core.h
36
37 static inline void
38 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t
family)
39 {
40 #ifdef CONFIG_NF_NAT_NEEDED
41 struct nf_nat_hook *nat_hook;
42
43 rcu_read_lock();
> 44 nat_hook = rcu_dereference(nf_nat_hook);
45 if (nat_hook->decode_session)
46 nat_hook->decode_session(skb, fl);
47 rcu_read_unlock();
48 #endif
49 }
50
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/netfilter/nf_conntrack_core.c:1665:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
net/netfilter/nf_conntrack_core.c:1665:20:expected void const volatile *p
net/netfilter/nf_conntrack_core.c:1665:20:got struct nf_nat_hook
*[noderef] *
>> net/netfilter/nf_conntrack_core.c:1665:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
net/netfilter/nf_conntrack_core.c:1665:20:expected void const volatile *p
net/netfilter/nf_conntrack_core.c:1665:20:got struct nf_nat_hook
*[noderef] *
net/netfilter/nf_conntrack_core.c:1665:20: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_core.c:1878:9: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_core.c:2208:9: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_core.c:117:13: sparse: context imbalance in
'nf_conntrack_double_unlock' - unexpected unlock
net/netfilter/nf_conntrack_core.c:127:13: sparse: context imbalance in
'nf_conntrack_double_lock' - wrong count at exit
net/netfilter/nf_conntrack_core.c:157:9: sparse: context imbalance in
'nf_conntrack_all_lock' - wrong count at exit
net/netfilter/nf_conntrack_core.c:168:13: sparse: context imbalance in
'nf_conntrack_all_unlock' - unexpected unlock
net/netfilter/nf_conntrack_core.c:1705:28: sparse: context imbalance in
'get_next_corpse' - unexpected unlock
vim +1665 net/netfilter/nf_conntrack_core.c
1609
1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb,
1611 struct nf_conn *ct,
1612 enum ip_conntrack_info ctinfo)
1613 {
1614 const struct nf_conntrack_l3proto *l3proto;
1615 const struct nf_conntrack_l4proto *l4proto;
1616 struct nf_conntrack_tuple_hash *h;
1617 struct nf_conntrack_tuple tuple;
1618 struct nf_nat_hook *nat_hook;
1619 unsigned int dataoff, status;
1620 u16 l3num;
1621 u8 l4num;
1622
1623 l3num = nf_ct_l3num(ct);
1624 l3proto = nf_ct_l3proto_find_get(l3num);
1625
1626 if (l3proto->get_l4proto(skb, skb_network_offset(skb), ,
1627 ) <= 0)
1628 return 0;
1629
1630 l4proto = nf_ct_l4proto_find_get(l3num, l4num);
1631
1632 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff,
l3num,
1633 l4num, net, , l3proto, l4proto))
1634 return 0;
1635
1636 if (ct->status & IPS_SRC_NAT) {
1637 memcpy(tuple.src.u3.all,
1638
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all,
1639 sizeof(tuple.src.u3.all));
1640 tuple.src.u.all =
1641
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all;
1642 }
1643
1644 if (ct->status & IPS_DST_NAT) {
1645 memcpy(tuple.dst.u3.all,
1646
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all,
1647 sizeof(tuple.src.u3.all));
1648 tuple.dst.u.all =
1649
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all;
1650 }
1651
1652 h = nf_conntrack_find_get(net, >zone, );
1653 if (!h)
1654 return 0;
1655
1656 /* Store status bits of the conntrack that is clashing to re-do
NAT
1657 * mangling according to what it has been done already to this
packet.
1658 */
1659 status = ct->status;
1660
1661 nf_ct_put(ct);
1662 ct = nf_ct_tuplehash_to_ctrack(h);
1663 nf_ct_set(skb, ct, ctinfo);
1664
> 1665 nat_hook = rcu_dereference(nf_nat_hook);
1666 if (!nat_hook)
1667 return 0;
1668
1669 if (status & IPS_SRC_NAT &&
1670 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC,
1671 IP_CT_DIR_ORIGINAL) == NF_DROP)
Re: [PATCH 01/14] net: sched: use rcu for action cookie update
Hi Vlad,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net/master]
[also build test WARNING on v4.17-rc5 next-20180514]
[cannot apply to net-next/master]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Vlad-Buslov/Modify-action-API-for-implementing-lockless-actions/20180515-025420
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/sched/act_api.c:71:15: sparse: incorrect type in initializer (different
>> address spaces) @@expected struct tc_cookie [noderef] *__ret @@
>> got [noderef] *__ret @@
net/sched/act_api.c:71:15:expected struct tc_cookie [noderef]
*__ret
net/sched/act_api.c:71:15:got struct tc_cookie *new_cookie
>> net/sched/act_api.c:71:13: sparse: incorrect type in assignment (different
>> address spaces) @@expected struct tc_cookie *old @@got struct
>> tc_cookie [noderef] *[assigned] __ret
>> net/sched/act_api.c:132:48: sparse: dereference of noderef expression
vim +71 net/sched/act_api.c
65
66 static void tcf_set_action_cookie(struct tc_cookie __rcu **old_cookie,
67struct tc_cookie *new_cookie)
68 {
69 struct tc_cookie *old;
70
> 71 old = xchg(old_cookie, new_cookie);
72 if (old)
73 call_rcu(>rcu, tcf_free_cookie_rcu);
74 }
75
76 /* XXX: For standalone actions, we don't need a RCU grace period
either, because
77 * actions are always connected to filters and filters are already
destroyed in
78 * RCU callbacks, so after a RCU grace period actions are already
disconnected
79 * from filters. Readers later can not find us.
80 */
81 static void free_tcf(struct tc_action *p)
82 {
83 free_percpu(p->cpu_bstats);
84 free_percpu(p->cpu_qstats);
85
86 tcf_set_action_cookie(>act_cookie, NULL);
87 if (p->goto_chain)
88 tcf_action_goto_chain_fini(p);
89
90 kfree(p);
91 }
92
93 static void tcf_idr_remove(struct tcf_idrinfo *idrinfo, struct
tc_action *p)
94 {
95 spin_lock_bh(>lock);
96 idr_remove(>action_idr, p->tcfa_index);
97 spin_unlock_bh(>lock);
98 gen_kill_estimator(>tcfa_rate_est);
99 free_tcf(p);
100 }
101
102 int __tcf_idr_release(struct tc_action *p, bool bind, bool strict)
103 {
104 int ret = 0;
105
106 ASSERT_RTNL();
107
108 if (p) {
109 if (bind)
110 p->tcfa_bindcnt--;
111 else if (strict && p->tcfa_bindcnt > 0)
112 return -EPERM;
113
114 p->tcfa_refcnt--;
115 if (p->tcfa_bindcnt <= 0 && p->tcfa_refcnt <= 0) {
116 if (p->ops->cleanup)
117 p->ops->cleanup(p);
118 tcf_idr_remove(p->idrinfo, p);
119 ret = ACT_P_DELETED;
120 }
121 }
122
123 return ret;
124 }
125 EXPORT_SYMBOL(__tcf_idr_release);
126
127 static size_t tcf_action_shared_attrs_size(const struct tc_action *act)
128 {
129 u32 cookie_len = 0;
130
131 if (act->act_cookie)
> 132 cookie_len = nla_total_size(act->act_cookie->len);
133
134 return nla_total_size(0) /* action number nested */
135 + nla_total_size(IFNAMSIZ) /* TCA_ACT_KIND */
136 + cookie_len /* TCA_ACT_COOKIE */
137 + nla_total_size(0) /* TCA_ACT_STATS nested */
138 /* TCA_STATS_BASIC */
139 + nla_total_size_64bit(sizeof(struct gnet_stats_basic))
140 /* TCA_STATS_QUEUE */
141 + nla_total_size_64bit(sizeof(struct gnet_stats_queue))
142 + nla_total_size(0) /* TCA_OPTIONS nested */
143 + nla_total_size(sizeof(struct tcf_t)); /* TCA_GACT_TM
*/
144 }
145
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: arm-at91_dt_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm
All warnings (new ones prefixed by >>):
In file included from include/linux/netfilter_ingress.h:5:0,
from net//core/dev.c:144:
>> include/linux/netfilter.h:363:14: warning: 'enum ip_conntrack_info' declared
>> inside parameter list will not be visible outside of this definition or
>> declaration
enum ip_conntrack_info ctinfo);
^
vim +363 include/linux/netfilter.h
360
361 struct nf_ct_hook {
362 int (*update)(struct net *net, struct sk_buff *skb, struct
nf_conn *ct,
> 363enum ip_conntrack_info ctinfo);
364 void (*destroy)(struct nf_conntrack *);
365 };
366 extern struct nf_ct_hook __rcu *nf_ct_hook;
367
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
net/netfilter/nf_nat_core.c:599:25: sparse: incompatible types in comparison
expression (different address spaces)
net/netfilter/nf_nat_core.c:837:9: sparse: incompatible types in comparison
expression (different address spaces)
net/netfilter/nf_nat_core.c:851:9: sparse: incompatible types in comparison
expression (different address spaces)
>> net/netfilter/nf_nat_core.c:836:9: sparse: dereference of noderef expression
--
>> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
net/netfilter/nf_conntrack_netlink.c:1437:20:expected void const
volatile *p
net/netfilter/nf_conntrack_netlink.c:1437:20:got struct nf_nat_hook
*[noderef] *
>> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in
>> argument 1 (different address spaces) @@expected void const volatile *p
>> @@got struct nf_nat_hoovoid const volatile *p @@
net/netfilter/nf_conntrack_netlink.c:1437:20:expected void const
volatile *p
net/netfilter/nf_conntrack_netlink.c:1437:20:got struct nf_nat_hook
*[noderef] *
net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_netlink.c:1589:34: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_conntrack_netlink.c:3014:29: sparse: incorrect type in
argument 1 (different address spaces) @@expected char const * @@
got char [noderchar const * @@
net/netfilter/nf_conntrack_netlink.c:3014:29:expected char const
*
net/netfilter/nf_conntrack_netlink.c:3014:29:got char [noderef]
*
net/netfilter/nf_conntrack_netlink.c:868:36: sparse: context imbalance in
'ctnetlink_dump_table' - unexpected unlock
include/linux/rcupdate.h:686:9: sparse: context imbalance in
'ctnetlink_parse_nat_setup' - unexpected unlock
vim +836 net/netfilter/nf_nat_core.c
810
811 static int __init nf_nat_init(void)
812 {
813 int ret, i;
814
815 /* Leave them the same for the moment. */
816 nf_nat_htable_size = nf_conntrack_htable_size;
817 if (nf_nat_htable_size < CONNTRACK_LOCKS)
818 nf_nat_htable_size = CONNTRACK_LOCKS;
819
820 nf_nat_bysource = nf_ct_alloc_hashtable(_nat_htable_size, 0);
821 if (!nf_nat_bysource)
822 return -ENOMEM;
823
824 ret = nf_ct_extend_register(_extend);
825 if (ret < 0) {
826 nf_ct_free_hashtable(nf_nat_bysource,
nf_nat_htable_size);
827 pr_err("Unable to register extension\n");
828 return ret;
829 }
830
831 for (i = 0; i < CONNTRACK_LOCKS; i++)
832 spin_lock_init(_nat_locks[i]);
833
834 nf_ct_helper_expectfn_register(_master_nat);
835
> 836 WARN_ON(nf_nat_hook != NULL);
837 RCU_INIT_POINTER(nf_nat_hook, _hook);
838
839 return 0;
840 }
841
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-u0-05141234 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
In file included from include/net/netfilter/nf_nat_core.h:5:0,
from net//xfrm/xfrm_policy.c:35:
include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has
incomplete type
struct nf_conntrack ct_general;
^
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff'
has no member named '_nfct'
*ctinfo = skb->_nfct & NFCT_INFOMASK;
^
include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff'
has no member named '_nfct'
return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
^
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of
>> function 'nf_conntrack_put' [-Werror=implicit-function-declaration]
nf_conntrack_put(>ct_general);
^
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no
member named '_nfct'
skb->_nfct = (unsigned long)ct | info;
^
cc1: some warnings being treated as errors
vim +/nf_conntrack_put +157 include/net/netfilter/nf_conntrack.h
303223092 Florian Westphal 2017-01-23 143
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 144 /* Return conntrack_info and tuple
hash for given skb. */
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 145 static inline struct nf_conn *
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 146 nf_ct_get(const struct sk_buff
*skb, enum ip_conntrack_info *ctinfo)
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 147 {
a9e419dc7 Florian Westphal 2017-01-23 @148 *ctinfo = skb->_nfct &
NFCT_INFOMASK;
a9e419dc7 Florian Westphal 2017-01-23 149
a9e419dc7 Florian Westphal 2017-01-23 150 return (struct nf_conn
*)(skb->_nfct & NFCT_PTRMASK);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 151 }
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 152
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 153 /* decrement reference count on a
conntrack */
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 154 static inline void nf_ct_put(struct
nf_conn *ct)
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 155 {
44d6e2f27 Varsha Rao 2017-08-30 156 WARN_ON(!ct);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 @157
nf_conntrack_put(>ct_general);
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 158 }
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 159
:: The code at line 157 was first introduced by commit
:: 9fb9cbb1082d6b31fb45aa1a14432449a0df6cf1 [NETFILTER]: Add nf_conntrack
subsystem.
:: TO: Yasuyuki Kozakai
:: CC: David S. Miller
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: arm64-defconfig (attached as .config)
compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm64
All errors (new ones prefixed by >>):
net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update':
>> net//netfilter/nf_conntrack_core.c:1652:36: error: 'struct nf_conn' has no
>> member named 'zone'
h = nf_conntrack_find_get(net, >zone, );
^~
vim +1652 net//netfilter/nf_conntrack_core.c
1609
1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb,
1611 struct nf_conn *ct,
1612 enum ip_conntrack_info ctinfo)
1613 {
1614 const struct nf_conntrack_l3proto *l3proto;
1615 const struct nf_conntrack_l4proto *l4proto;
1616 struct nf_conntrack_tuple_hash *h;
1617 struct nf_conntrack_tuple tuple;
1618 struct nf_nat_hook *nat_hook;
1619 unsigned int dataoff, status;
1620 u16 l3num;
1621 u8 l4num;
1622
1623 l3num = nf_ct_l3num(ct);
1624 l3proto = nf_ct_l3proto_find_get(l3num);
1625
1626 if (l3proto->get_l4proto(skb, skb_network_offset(skb), ,
1627 ) <= 0)
1628 return 0;
1629
1630 l4proto = nf_ct_l4proto_find_get(l3num, l4num);
1631
1632 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff,
l3num,
1633 l4num, net, , l3proto, l4proto))
1634 return 0;
1635
1636 if (ct->status & IPS_SRC_NAT) {
1637 memcpy(tuple.src.u3.all,
1638
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all,
1639 sizeof(tuple.src.u3.all));
1640 tuple.src.u.all =
1641
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all;
1642 }
1643
1644 if (ct->status & IPS_DST_NAT) {
1645 memcpy(tuple.dst.u3.all,
1646
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all,
1647 sizeof(tuple.src.u3.all));
1648 tuple.dst.u.all =
1649
ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all;
1650 }
1651
> 1652 h = nf_conntrack_find_get(net, >zone, );
1653 if (!h)
1654 return 0;
1655
1656 /* Store status bits of the conntrack that is clashing to re-do
NAT
1657 * mangling according to what it has been done already to this
packet.
1658 */
1659 status = ct->status;
1660
1661 nf_ct_put(ct);
1662 ct = nf_ct_tuplehash_to_ctrack(h);
1663 nf_ct_set(skb, ct, ctinfo);
1664
1665 nat_hook = rcu_dereference(nf_nat_hook);
1666 if (!nat_hook)
1667 return 0;
1668
1669 if (status & IPS_SRC_NAT &&
1670 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC,
1671 IP_CT_DIR_ORIGINAL) == NF_DROP)
1672 return -1;
1673
1674 if (status & IPS_DST_NAT &&
1675 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST,
1676 IP_CT_DIR_ORIGINAL) == NF_DROP)
1677 return -1;
1678
1679 return 0;
1680 }
1681
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: arm-multi_v5_defconfig (attached as .config)
compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm
All errors (new ones prefixed by >>):
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:35:
include/linux/netfilter/x_tables.h: In function 'xt_net':
>> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to
>> incomplete type 'const struct nf_hook_state'
return par->state->net;
^~
In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0,
from include/linux/netfilter/nf_conntrack_proto_gre.h:14,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:35:
include/linux/netfilter/x_tables.h: At top level:
>> include/linux/netfilter/x_tables.h:450:64: error: unknown type name
>> 'nf_hookfn'
struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *);
^
In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0,
from include/net/netfilter/nf_conntrack.h:25,
from include/net/netfilter/nf_nat_core.h:5,
from net/xfrm/xfrm_policy.c:35:
include/net/netfilter/nf_conntrack_tuple.h: In function
'__nf_ct_tuple_src_equal':
>> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit
>> declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'?
>> [-Werror=implicit-function-declaration]
return (nf_inet_addr_cmp(>src.u3, >src.u3) &&
^~~~
inet_addr_type
In file included from include/net/netfilter/nf_nat_core.h:5:0,
from net/xfrm/xfrm_policy.c:35:
include/net/netfilter/nf_conntrack.h: At top level:
>> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has
>> incomplete type
struct nf_conntrack ct_general;
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get':
>> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff'
>> has no member named '_nfct'
*ctinfo = skb->_nfct & NFCT_INFOMASK;
^~
include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff'
has no member named '_nfct'
return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
^~
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put':
>> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of
>> function 'nf_conntrack_put'; did you mean 'nf_ct_put'?
>> [-Werror=implicit-function-declaration]
nf_conntrack_put(>ct_general);
^~~~
nf_ct_put
include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set':
>> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no
>> member named '_nfct'
skb->_nfct = (unsigned long)ct | info;
^~
cc1: some warnings being treated as errors
vim +148 include/net/netfilter/nf_conntrack.h
f8eb24a89 Patrick McHardy2006-11-29 49
ea781f197 Eric Dumazet 2009-03-25 50 struct nf_conn {
f330a7fdb Florian Westphal 2016-08-25 51/* Usage count in here
is 1 for hash table, 1 per skb,
b476b72a0 Jesper Dangaard Brouer 2014-03-03 52 * plus 1 for any
connection(s) we are `master' for
b476b72a0 Jesper Dangaard Brouer 2014-03-03 53 *
a9e419dc7 Florian Westphal 2017-01-23 54 * Hint, SKB address
this struct and refcnt via skb->_nfct and
b476b72a0 Jesper Dangaard Brouer 2014-03-03 55 * helpers
nf_conntrack_get() and nf_conntrack_put().
b476b72a0 Jesper Dangaard Brouer 2014-03-03 56 * Helper nf_ct_put()
equals nf_conntrack_put() by dec refcnt,
b476b72a0 Jesper Dangaard Brouer 2014-03-03 57 * beware nf_ct_get()
is different and don't inc refcnt.
b476b72a0 Jesper Dangaard Brouer 2014-03-03 58 */
9fb9cbb10 Yasuyuki Kozakai 2005-11-09 @59struct nf_conntrack
ct_general;
9fb9cbb10
[nf:master 12/14] net/netfilter/nft_compat.c:359:55: error: expected ')' before ';' token
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
head: ccc4ef2178bf6f7a552319e868fcbb7670a3ba85
commit: 439df632d9e508d66cd203f888b48d313249277c [12/14] netfilter: nft_compat:
prepare for indirect info storage
config: x86_64-federa-25 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
git checkout 439df632d9e508d66cd203f888b48d313249277c
# save the attached .config to linux build tree
make ARCH=x86_64
Note: the nf/master HEAD ccc4ef2178bf6f7a552319e868fcbb7670a3ba85 builds fine.
It only hurts bisectibility.
All errors (new ones prefixed by >>):
net/netfilter/nft_compat.c: In function 'nft_match_eval':
>> net/netfilter/nft_compat.c:359:55: error: expected ')' before ';' token
__nft_match_eval(expr, regs, pkt, nft_expr_priv(expr);
^
>> net/netfilter/nft_compat.c:360:1: error: expected ';' before '}' token
}
^
vim +359 net/netfilter/nft_compat.c
354
355 static void nft_match_eval(const struct nft_expr *expr,
356 struct nft_regs *regs,
357 const struct nft_pktinfo *pkt)
358 {
> 359 __nft_match_eval(expr, regs, pkt, nft_expr_priv(expr);
> 360 }
361
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH] netfilter: nf_queue: Replace conntrack entry
Hi Kristian,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.17-rc3 next-20180503]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Kristian-Evensen/netfilter-nf_queue-Replace-conntrack-entry/20180504-051218
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-randconfig-s5-05041850 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/nfnetlink_queue.o: In function `nfqnl_update_ct':
>> net/netfilter/nfnetlink_queue.c:1062: undefined reference to
>> `nf_ct_l3proto_find_get'
>> net/netfilter/nfnetlink_queue.c:1069: undefined reference to
>> `nf_ct_l4proto_find_get'
>> net/netfilter/nfnetlink_queue.c:1071: undefined reference to
>> `nf_ct_get_tuple'
>> net/netfilter/nfnetlink_queue.c:1079: undefined reference to
>> `nf_conntrack_find_get'
vim +1062 net/netfilter/nfnetlink_queue.c
1046
1047 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
1048 static void nfqnl_update_ct(struct net *net, struct sk_buff *skb)
1049 {
1050 const struct nf_conntrack_l3proto *l3proto;
1051 const struct nf_conntrack_l4proto *l4proto;
1052 struct nf_conntrack_tuple_hash *h;
1053 struct nf_conntrack_tuple tuple;
1054 enum ip_conntrack_info ctinfo;
1055 struct nf_conn *ct = NULL;
1056 unsigned int dataoff;
1057 u16 l3num;
1058 u8 l4num;
1059
1060 ct = nf_ct_get(skb, );
1061 l3num = nf_ct_l3num(ct);
> 1062 l3proto = nf_ct_l3proto_find_get(l3num);
1063
1064 if (l3proto->get_l4proto(skb, skb_network_offset(skb), ,
1065 ) <= 0) {
1066 return;
1067 }
1068
> 1069 l4proto = nf_ct_l4proto_find_get(l3num, l4num);
1070
> 1071 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff,
> l3num,
1072 l4num, net, , l3proto, l4proto)) {
1073 return;
1074 }
1075
1076 #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)
1077 h = nf_conntrack_find_get(net, >zone, );
1078 #else
> 1079 h = nf_conntrack_find_get(net, NULL, );
1080 #endif
1081
1082 if (h) {
1083 pr_debug("%s: tuple %u %pI4:%hu -> %pI4:%hu\n",
__func__,
1084 tuple.dst.protonum, ,
1085 ntohs(tuple.src.u.all), ,
1086 ntohs(tuple.dst.u.all));
1087 nf_ct_put(ct);
1088 ct = nf_ct_tuplehash_to_ctrack(h);
1089 nf_ct_set(skb, ct, IP_CT_NEW);
1090 }
1091 }
1092 #endif
1093
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH nf-next] netfilter: nf_tables: support timeouts larger than 23 days
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-support-timeouts-larger-than-23-days/20180417-032146
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
net/netfilter/nf_tables_api.c:1238:31: sparse: incorrect type in return
expression (different address spaces) @@expected struct nft_stats [noderef]
* @@got sn:3>* @@
net/netfilter/nf_tables_api.c:1238:31:expected struct nft_stats
[noderef] *
net/netfilter/nf_tables_api.c:1238:31:got void *
net/netfilter/nf_tables_api.c:1241:31: sparse: incorrect type in return
expression (different address spaces) @@expected struct nft_stats [noderef]
* @@got sn:3>* @@
net/netfilter/nf_tables_api.c:1241:31:expected struct nft_stats
[noderef] *
net/netfilter/nf_tables_api.c:1241:31:got void *
net/netfilter/nf_tables_api.c:1245:31: sparse: incorrect type in return
expression (different address spaces) @@expected struct nft_stats [noderef]
* @@got sn:3>* @@
net/netfilter/nf_tables_api.c:1245:31:expected struct nft_stats
[noderef] *
net/netfilter/nf_tables_api.c:1245:31:got void *
net/netfilter/nf_tables_api.c:1268:28: sparse: cast between address spaces
(->)
net/netfilter/nf_tables_api.c:1268:28: sparse: incompatible types in
comparison expression (different address spaces)
net/netfilter/nf_tables_api.c:1526:23: sparse: incorrect type in assignment
(different address spaces) @@expected struct nft_stats *stats @@got
struct nft_stats struct nft_stats *stats @@
net/netfilter/nf_tables_api.c:1534:29: sparse: incorrect type in argument 1
(different address spaces) @@expected void [noderef] *__pdata @@
got [noderef] *__pdata @@
net/netfilter/nf_tables_api.c:1538:38: sparse: incorrect type in assignment
(different address spaces) @@expected struct nft_stats [noderef]
*stats @@got [noderef] *stats @@
net/netfilter/nf_tables_api.c:1552:37: sparse: incorrect type in argument 1
(different address spaces) @@expected void [noderef] *__pdata @@
got [noderef] *__pdata @@
>> net/netfilter/nf_tables_api.c:2789:16: sparse: incorrect type in return
>> expression (different base types) @@expected unsigned long long @@
>> got restricted unsigned long long @@
>> net/netfilter/nf_tables_api.c:2839:47: sparse: incorrect type in argument 3
>> (different base types) @@expected restricted __be64 [usertype] value @@
>> got __be64 [usertype] value @@
net/netfilter/nf_tables_api.c:3477:47: sparse: incorrect type in argument 3
(different base types) @@expected restricted __be64 [usertype] value @@
got __be64 [usertype] value @@
net/netfilter/nf_tables_api.c:3491:55: sparse: incorrect type in argument 3
(different base types) @@expected restricted __be64 [usertype] value @@
got __be64 [usertype] value @@
vim +2789 net/netfilter/nf_tables_api.c
2784
2785 static u64 nf_jiffies64_to_msecs(u64 input)
2786 {
2787 u64 ms = jiffies64_to_nsecs(input);
2788
> 2789 return cpu_to_be64(div_u64(ms, NSEC_PER_MSEC));
2790 }
2791
2792 static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx
*ctx,
2793const struct nft_set *set, u16 event, u16
flags)
2794 {
2795 struct nfgenmsg *nfmsg;
2796 struct nlmsghdr *nlh;
2797 struct nlattr *desc;
2798 u32 portid = ctx->portid;
2799 u32 seq = ctx->seq;
2800
2801 event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
2802 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct
nfgenmsg),
2803 flags);
2804 if (nlh == NULL)
2805 goto nla_put_failure;
2806
2807 nfmsg = nlmsg_data(nlh);
2808 nfmsg->nfgen_family = ctx->family;
2809 nfmsg->version = NFNETLINK_V0;
2810 nfmsg->res_id = htons(ctx->net->nft.base_seq &
0x);
2811
2812 if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
2813 goto nla_put_failure;
2814 if (nla_put_string(skb, NFTA_SET_NAME, set->name))
2815 goto nla_put_failure;
2816 if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle),
2817 NFTA_SET_PAD))
2818 goto nla_put_failure;
2819 if (set->flags != 0)
2820 if (nla_put_be32(skb, NFTA_SET_FLAGS,
htonl(set->flags)))
2821 goto nla_put_failure;
2822
2823 if (nla_put_be32(skb, NFTA_SET_KEY_TYPE,
Re: [PATCH] netfilter: CONFIG_NF_REJECT_IPV{4,6} becomes bool toggle
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.16 next-20180413] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-CONFIG_NF_REJECT_IPV-4-6-becomes-bool-toggle/20180414-101337 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: powerpc64-allmodconfig (attached as .config) compiler: powerpc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=powerpc64 All error/warnings (new ones prefixed by >>): powerpc64-linux-gnu-ld: warning: orphan section `.gnu.hash' from `linker stubs' being placed in section `.gnu.hash'. net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_reject_ip6_tcphdr_get': >> (.text+0x1f0): undefined reference to `.nf_ip6_checksum' net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_send_reset6': >> (.text+0x794): undefined reference to `.ip6_route_output_flags' net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_send_unreach6': (.text+0xab8): undefined reference to `.nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH] netfilter: CONFIG_NF_REJECT_IPV{4,6} becomes bool toggle
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.16 next-20180413] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-CONFIG_NF_REJECT_IPV-4-6-becomes-bool-toggle/20180414-101337 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: ia64-allmodconfig (attached as .config) compiler: ia64-linux-gcc (GCC) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=ia64 All errors (new ones prefixed by >>): net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_reject_ip6_tcphdr_get': >> nf_reject_ipv6.c:(.text+0x342): undefined reference to `nf_ip6_checksum' net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_send_reset6': >> nf_reject_ipv6.c:(.text+0xcc2): undefined reference to >> `ip6_route_output_flags' net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_send_unreach6': nf_reject_ipv6.c:(.text+0x12b2): undefined reference to `nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v5] netfilter : add NAT support for shifted portmap ranges
Hi Thierry,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.16 next-20180403]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Thierry-Du-Tre/netfilter-add-NAT-support-for-shifted-portmap-ranges/20180404-074845
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: i386-allmodconfig (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/openvswitch/conntrack.c: In function 'ovs_ct_nat_execute':
>> net/openvswitch/conntrack.c:766:29: error: passing argument 2 of
>> 'nf_nat_setup_info' from incompatible pointer type
>> [-Werror=incompatible-pointer-types]
? nf_nat_setup_info(ct, range, maniptype)
^
In file included from include/net/netfilter/nf_nat_core.h:6:0,
from net/openvswitch/conntrack.c:29:
include/net/netfilter/nf_nat.h:41:14: note: expected 'const struct
nf_nat_range2 *' but argument is of type 'const struct nf_nat_range *'
unsigned int nf_nat_setup_info(struct nf_conn *ct,
^
cc1: some warnings being treated as errors
vim +/nf_nat_setup_info +766 net/openvswitch/conntrack.c
7f8a436e Joe Stringer2015-08-26 705
05752523 Jarno Rajahalme 2016-03-10 706 #ifdef CONFIG_NF_NAT_NEEDED
05752523 Jarno Rajahalme 2016-03-10 707 /* Modelled after
nf_nat_ipv[46]_fn().
05752523 Jarno Rajahalme 2016-03-10 708 * range is only used for new,
uninitialized NAT state.
05752523 Jarno Rajahalme 2016-03-10 709 * Returns either NF_ACCEPT or
NF_DROP.
05752523 Jarno Rajahalme 2016-03-10 710 */
05752523 Jarno Rajahalme 2016-03-10 711 static int
ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
05752523 Jarno Rajahalme 2016-03-10 712 enum
ip_conntrack_info ctinfo,
05752523 Jarno Rajahalme 2016-03-10 713 const
struct nf_nat_range *range,
05752523 Jarno Rajahalme 2016-03-10 714 enum
nf_nat_manip_type maniptype)
05752523 Jarno Rajahalme 2016-03-10 715 {
05752523 Jarno Rajahalme 2016-03-10 716int hooknum, nh_off, err =
NF_ACCEPT;
05752523 Jarno Rajahalme 2016-03-10 717
05752523 Jarno Rajahalme 2016-03-10 718nh_off =
skb_network_offset(skb);
75f01a4c Lance Richardson2017-01-12 719skb_pull_rcsum(skb, nh_off);
05752523 Jarno Rajahalme 2016-03-10 720
05752523 Jarno Rajahalme 2016-03-10 721/* See HOOK2MANIP(). */
05752523 Jarno Rajahalme 2016-03-10 722if (maniptype ==
NF_NAT_MANIP_SRC)
05752523 Jarno Rajahalme 2016-03-10 723hooknum =
NF_INET_LOCAL_IN; /* Source NAT */
05752523 Jarno Rajahalme 2016-03-10 724else
05752523 Jarno Rajahalme 2016-03-10 725hooknum =
NF_INET_LOCAL_OUT; /* Destination NAT */
05752523 Jarno Rajahalme 2016-03-10 726
05752523 Jarno Rajahalme 2016-03-10 727switch (ctinfo) {
05752523 Jarno Rajahalme 2016-03-10 728case IP_CT_RELATED:
05752523 Jarno Rajahalme 2016-03-10 729case IP_CT_RELATED_REPLY:
99b7248e Arnd Bergmann 2016-03-18 730if
(IS_ENABLED(CONFIG_NF_NAT_IPV4) &&
99b7248e Arnd Bergmann 2016-03-18 731skb->protocol ==
htons(ETH_P_IP) &&
05752523 Jarno Rajahalme 2016-03-10 732
ip_hdr(skb)->protocol == IPPROTO_ICMP) {
05752523 Jarno Rajahalme 2016-03-10 733if
(!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
05752523 Jarno Rajahalme 2016-03-10 734
hooknum))
05752523 Jarno Rajahalme 2016-03-10 735err =
NF_DROP;
05752523 Jarno Rajahalme 2016-03-10 736goto push;
99b7248e Arnd Bergmann 2016-03-18 737} else if
(IS_ENABLED(CONFIG_NF_NAT_IPV6) &&
99b7248e Arnd Bergmann 2016-03-18 738
skb->protocol == htons(ETH_P_IPV6)) {
05752523 Jarno Rajahalme 2016-03-10 739__be16 frag_off;
05752523 Jarno Rajahalme 2016-03-10 740u8 nexthdr =
ipv6_hdr(skb)->nexthdr;
05752523 Jarno Rajahalme 2016-03-10 741int hdrlen =
ipv6_skip_exthdr(skb,
05752523 Jarno Rajahalme 2016-03-10 742
sizeof(struct ipv6hdr),
05752523 Jarno Rajahalme 2016-03-10 743
, _off);
05752523 Jarno Rajahalme 2016-03-10 744
05752523 Jarno Rajahalme 2016-03-10 745if (hdrlen >= 0
&& nexthdr == IPPROTO_ICMPV6) {
05752523 Jarno Rajahalme 2016-03-10 746
Re: [PATCH nf-next v3] netfilter: nf_osf: nf_osf_ttl() and nf_osf_match()
Hi Fernando, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-nf_osf-nf_osf_ttl-and-nf_osf_match/20180404-075948 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-acpi-redef (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): warning: (NETFILTER_XT_MATCH_OSF) selects NF_OSF which has unmet direct dependencies (NET && INET && NETFILTER && NF_TABLES) --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v5] netfilter : add NAT support for shifted portmap ranges
Hi Thierry,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf/master]
[also build test WARNING on v4.16 next-20180403]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Thierry-Du-Tre/netfilter-add-NAT-support-for-shifted-portmap-ranges/20180404-074845
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/openvswitch/conntrack.c:766:57: sparse: incorrect type in argument 2
>> (different base types) @@expected struct nf_nat_range2 const *range @@
>> got truct nf_nat_range2 const *range @@
net/openvswitch/conntrack.c:766:57:expected struct nf_nat_range2 const
*range
net/openvswitch/conntrack.c:766:57:got struct nf_nat_range const *range
net/openvswitch/conntrack.c: In function 'ovs_ct_nat_execute':
net/openvswitch/conntrack.c:766:29: error: passing argument 2 of
'nf_nat_setup_info' from incompatible pointer type
[-Werror=incompatible-pointer-types]
? nf_nat_setup_info(ct, range, maniptype)
^
In file included from include/net/netfilter/nf_nat_core.h:6:0,
from net/openvswitch/conntrack.c:29:
include/net/netfilter/nf_nat.h:41:14: note: expected 'const struct
nf_nat_range2 *' but argument is of type 'const struct nf_nat_range *'
unsigned int nf_nat_setup_info(struct nf_conn *ct,
^
cc1: some warnings being treated as errors
vim +766 net/openvswitch/conntrack.c
7f8a436e Joe Stringer2015-08-26 705
05752523 Jarno Rajahalme 2016-03-10 706 #ifdef CONFIG_NF_NAT_NEEDED
05752523 Jarno Rajahalme 2016-03-10 707 /* Modelled after
nf_nat_ipv[46]_fn().
05752523 Jarno Rajahalme 2016-03-10 708 * range is only used for new,
uninitialized NAT state.
05752523 Jarno Rajahalme 2016-03-10 709 * Returns either NF_ACCEPT or
NF_DROP.
05752523 Jarno Rajahalme 2016-03-10 710 */
05752523 Jarno Rajahalme 2016-03-10 711 static int
ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
05752523 Jarno Rajahalme 2016-03-10 712 enum
ip_conntrack_info ctinfo,
05752523 Jarno Rajahalme 2016-03-10 713 const
struct nf_nat_range *range,
05752523 Jarno Rajahalme 2016-03-10 714 enum
nf_nat_manip_type maniptype)
05752523 Jarno Rajahalme 2016-03-10 715 {
05752523 Jarno Rajahalme 2016-03-10 716int hooknum, nh_off, err =
NF_ACCEPT;
05752523 Jarno Rajahalme 2016-03-10 717
05752523 Jarno Rajahalme 2016-03-10 718nh_off =
skb_network_offset(skb);
75f01a4c Lance Richardson2017-01-12 719skb_pull_rcsum(skb, nh_off);
05752523 Jarno Rajahalme 2016-03-10 720
05752523 Jarno Rajahalme 2016-03-10 721/* See HOOK2MANIP(). */
05752523 Jarno Rajahalme 2016-03-10 722if (maniptype ==
NF_NAT_MANIP_SRC)
05752523 Jarno Rajahalme 2016-03-10 723hooknum =
NF_INET_LOCAL_IN; /* Source NAT */
05752523 Jarno Rajahalme 2016-03-10 724else
05752523 Jarno Rajahalme 2016-03-10 725hooknum =
NF_INET_LOCAL_OUT; /* Destination NAT */
05752523 Jarno Rajahalme 2016-03-10 726
05752523 Jarno Rajahalme 2016-03-10 727switch (ctinfo) {
05752523 Jarno Rajahalme 2016-03-10 728case IP_CT_RELATED:
05752523 Jarno Rajahalme 2016-03-10 729case IP_CT_RELATED_REPLY:
99b7248e Arnd Bergmann 2016-03-18 730if
(IS_ENABLED(CONFIG_NF_NAT_IPV4) &&
99b7248e Arnd Bergmann 2016-03-18 731skb->protocol ==
htons(ETH_P_IP) &&
05752523 Jarno Rajahalme 2016-03-10 732
ip_hdr(skb)->protocol == IPPROTO_ICMP) {
05752523 Jarno Rajahalme 2016-03-10 733if
(!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
05752523 Jarno Rajahalme 2016-03-10 734
hooknum))
05752523 Jarno Rajahalme 2016-03-10 735err =
NF_DROP;
05752523 Jarno Rajahalme 2016-03-10 736goto push;
99b7248e Arnd Bergmann 2016-03-18 737} else if
(IS_ENABLED(CONFIG_NF_NAT_IPV6) &&
99b7248e Arnd Bergmann 2016-03-18 738
skb->protocol == htons(ETH_P_IPV6)) {
05752523 Jarno Rajahalme 2016-03-10 739__be16 frag_off;
05752523 Jarno Rajahalme 2016-03-10 740u8 nexthdr =
ipv6_hdr(skb)->nexthdr;
05752523 Jarno Rajahalme 2016-03-10 741int hdrlen =
ipv6_skip_exthdr(skb,
05752523 Jarno Rajahalme 2016-03-10 742
sizeof(struct ipv6hdr),
05752523
Re: [PATCH WIP nf-next] netfilter: nft_ct: add ct timeout support
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.16-rc7]
[cannot apply to nf-next/master next-20180329]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180401-070944
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
In file included from include/linux/kernel.h:10:0,
from net//netfilter/nft_ct.c:12:
net//netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy':
net//netfilter/nft_ct.c:743:22: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
if (likely(l4proto->ctnl_timeout.nlattr_to_obj)) {
^
include/linux/compiler.h:76:40: note: in definition of macro 'likely'
# define likely(x) __builtin_expect(!!(x), 1)
^
net//netfilter/nft_ct.c:744:30: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max + 1];
^~~~
get_timeouts
net//netfilter/nft_ct.c:746:39: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max,
^~~~
get_timeouts
net//netfilter/nft_ct.c:747:27: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
attr, l4proto->ctnl_timeout.nla_policy,
^~~~
get_timeouts
net//netfilter/nft_ct.c:752:18: error: 'const struct nf_conntrack_l4proto'
has no member named 'ctnl_timeout'; did you mean 'get_timeouts'?
ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts);
^~~~
get_timeouts
net//netfilter/nft_ct.c:744:18: warning: unused variable 'tb'
[-Wunused-variable]
struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max + 1];
^~
net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init':
>> net//netfilter/nft_ct.c:782:28: error: 'struct net' has no member named
>> 'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
INIT_LIST_HEAD(>net->nfct_timeout_list);
^
nfnl_acct_list
In file included from net//netfilter/nft_ct.c:12:0:
net//netfilter/nft_ct.c:783:42: error: 'struct net' has no member named
'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/kernel.h:930:26: note: in definition of macro 'container_of'
void *__mptr = (void *)(ptr); \
^~~
include/linux/list.h:377:2: note: in expansion of macro 'list_entry'
list_entry((ptr)->next, type, member)
^~
include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry'
for (pos = list_first_entry(head, typeof(*pos), member); \
^~~~
net//netfilter/nft_ct.c:783:2: note: in expansion of macro
'list_for_each_entry'
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^~~
In file included from include/linux/kernel.h:10:0,
from net//netfilter/nft_ct.c:12:
net//netfilter/nft_ct.c:783:42: error: 'struct net' has no member named
'nfct_timeout_list'; did you mean 'nfnl_acct_list'?
list_for_each_entry(timeout, >net->nfct_timeout_list, head) {
^
include/linux/compiler.h:316:19: note: in definition of macro
'__compiletime_assert'
bool __cond = !(condition);\
^
include/linux/compiler.h:339:2: note: in expansion of macro
'_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~
include/linux/build_bug.h:45:37: note: in expansion of macro
'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~
include/linux/kernel.h:931:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \
^~~~
Re: [PATCH nf-next v2] netfilter: nf_osf implementation: nf_osf_ttl() and nf_osf_match()
Hi Fernando, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-nf_osf-implementation-nf_osf_ttl-and-nf_osf_match/20180331-225302 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-tinyconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> ./usr/include/linux/netfilter/xt_osf.h:26: included file >> 'linux/netfilter/nf_osf.h' is not exported --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next] nf_osf implementation: nf_osf_ttl() and nf_osf_match()
Hi Fernando,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
url:
https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/nf_osf-implementation-nf_osf_ttl-and-nf_osf_match/20180328-045714
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
>> ./usr/include/linux/netfilter/nf_osf.h:19: found __[us]{8,16,32,64} type
>> without #include
--
>> ERROR: "nf_osf_match" [net/netfilter/xt_osf.ko] undefined!
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[RFC PATCH] netfilter: nf_tables: nf_tables_allow_nat_conflict() can be static
Fixes: 301c9cd2848d ("netfilter: nf_tables: permit second nat hook if colliding
hook is going away")
Signed-off-by: Fengguang Wu
---
nf_tables_api.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 6923922..d59cc21 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -89,8 +89,8 @@ static void nft_trans_destroy(struct nft_trans *trans)
* Either transaction is aborted (new/colliding hook is removed), or
* transaction is committed (old hook is removed).
*/
-bool nf_tables_allow_nat_conflict(const struct net *net,
- const struct nf_hook_ops *ops)
+static bool nf_tables_allow_nat_conflict(const struct net *net,
+const struct nf_hook_ops *ops)
{
const struct nft_trans *trans;
bool ret = false;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: nf_tables: permit second nat hook if colliding hook is going away
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on v4.16-rc4] [also build test WARNING on next-20180319] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-permit-second-nat-hook-if-colliding-hook-is-going-away/20180319-161221 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_tables_api.c:92:6: sparse: symbol >> 'nf_tables_allow_nat_conflict' was not declared. Should it be static? net/netfilter/nf_tables_api.c:1242:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1242:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1242:31:got void * net/netfilter/nf_tables_api.c:1245:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1245:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1245:31:got void * net/netfilter/nf_tables_api.c:1249:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1249:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1249:31:got void * net/netfilter/nf_tables_api.c:1272:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1272:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1526:23: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats *stats @@got struct nft_stats struct nft_stats *stats @@ net/netfilter/nf_tables_api.c:1534:29: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:1538:38: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats [noderef] *stats @@got [noderef] *stats @@ net/netfilter/nf_tables_api.c:1552:37: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:4393:19: sparse: symbol 'nf_tables_obj_lookup_byhandle' was not declared. Should it be static? net/netfilter/nf_tables_api.c:4422:41: sparse: Variable length array is used. net/netfilter/nf_tables_api.c:4915:22: sparse: symbol 'nf_tables_flowtable_lookup_byhandle' was not declared. Should it be static? Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 7/24] net/netfilter/x_tables.c:797:3: error: implicit declaration of function 'verdict_ok'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 16ac8a76bb641919747e8dd64d29890464df5c58
commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables:
check standard verdicts in core
config: i386-randconfig-b0-03061207 (attached as .config)
compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4
reproduce:
git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/netfilter/x_tables.c: In function 'xt_check_entry_offsets':
>> net/netfilter/x_tables.c:797:3: error: implicit declaration of function
>> 'verdict_ok' [-Werror=implicit-function-declaration]
if (!verdict_ok(st->verdict))
^
cc1: some warnings being treated as errors
vim +/verdict_ok +797 net/netfilter/x_tables.c
724
725 /**
726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry
727 *
728 * @base: pointer to arp/ip/ip6t_entry
729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
730 * @target_offset: the arp/ip/ip6_t->target_offset
731 * @next_offset: the arp/ip/ip6_t->next_offset
732 *
733 * validates that target_offset and next_offset are sane and that all
734 * match sizes (if any) align with the target offset.
735 *
736 * This function does not validate the targets or matches themselves, it
737 * only tests that all the offsets and sizes are correct, that all
738 * match structures are aligned, and that the last structure ends where
739 * the target structure begins.
740 *
741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
742 *
743 * The arp/ip/ip6t_entry structure @base must have passed following
tests:
744 * - it must point to a valid memory location
745 * - base to base + next_offset must be accessible, i.e. not exceed
allocated
746 * length.
747 *
748 * A well-formed entry looks like this:
749 *
750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata]
ip(6)t_entry
751 * e->elems[]-' | |
752 *matchsize | |
753 *matchsize | |
754 * | |
755 * target_offset-' |
756 * next_offset---'
757 *
758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
759 * This is where matches (if any) and the target reside.
760 * target_offset: beginning of target.
761 * next_offset: start of the next rule; also: size of this rule.
762 * Since targets have a minimum size, target_offset + minlen <=
next_offset.
763 *
764 * Every match stores its size, sum of sizes must not exceed
target_offset.
765 *
766 * Return: 0 on success, negative errno on failure.
767 */
768 int xt_check_entry_offsets(const void *base,
769 const char *elems,
770 unsigned int target_offset,
771 unsigned int next_offset)
772 {
773 long size_of_base_struct = elems - (const char *)base;
774 const struct xt_entry_target *t;
775 const char *e = base;
776
777 /* target start is within the ip/ip6/arpt_entry struct */
778 if (target_offset < size_of_base_struct)
779 return -EINVAL;
780
781 if (target_offset + sizeof(*t) > next_offset)
782 return -EINVAL;
783
784 t = (void *)(e + target_offset);
785 if (t->u.target_size < sizeof(*t))
786 return -EINVAL;
787
788 if (target_offset + t->u.target_size > next_offset)
789 return -EINVAL;
790
791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
792 const struct xt_standard_target *st = (const void *)t;
793
794 if (XT_ALIGN(target_offset + sizeof(*st)) !=
next_offset)
795 return -EINVAL;
796
> 797 if (!verdict_ok(st->verdict))
798 return -EINVAL;
799 }
800
801 return xt_check_entry_match(elems, base + target_offset,
802 __alignof__(struct xt_entry_match));
803 }
804 EXPORT_SYMBOL(xt_check_entry_offsets);
805
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:master 8/24] net/netfilter/x_tables.c:819:8: error: implicit declaration of function 'error_tg_ok'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 16ac8a76bb641919747e8dd64d29890464df5c58
commit: 472ebdcd15ebdb8ebe20474ef1ce09abcb241e7d [8/24] netfilter: x_tables:
check error target size too
config: alpha-defconfig (attached as .config)
compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
git checkout 472ebdcd15ebdb8ebe20474ef1ce09abcb241e7d
# save the attached .config to linux build tree
make.cross ARCH=alpha
All errors (new ones prefixed by >>):
net/netfilter/x_tables.c: In function 'xt_check_entry_offsets':
net/netfilter/x_tables.c:814:8: error: implicit declaration of function
'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration]
if (!verdict_ok(st->verdict))
^~
vprintk
>> net/netfilter/x_tables.c:819:8: error: implicit declaration of function
>> 'error_tg_ok' [-Werror=implicit-function-declaration]
if (!error_tg_ok(t->u.target_size, sizeof(*et),
^~~
cc1: some warnings being treated as errors
vim +/error_tg_ok +819 net/netfilter/x_tables.c
741
742 /**
743 * xt_check_entry_offsets - validate arp/ip/ip6t_entry
744 *
745 * @base: pointer to arp/ip/ip6t_entry
746 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
747 * @target_offset: the arp/ip/ip6_t->target_offset
748 * @next_offset: the arp/ip/ip6_t->next_offset
749 *
750 * validates that target_offset and next_offset are sane and that all
751 * match sizes (if any) align with the target offset.
752 *
753 * This function does not validate the targets or matches themselves, it
754 * only tests that all the offsets and sizes are correct, that all
755 * match structures are aligned, and that the last structure ends where
756 * the target structure begins.
757 *
758 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
759 *
760 * The arp/ip/ip6t_entry structure @base must have passed following
tests:
761 * - it must point to a valid memory location
762 * - base to base + next_offset must be accessible, i.e. not exceed
allocated
763 * length.
764 *
765 * A well-formed entry looks like this:
766 *
767 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata]
ip(6)t_entry
768 * e->elems[]-' | |
769 *matchsize | |
770 *matchsize | |
771 * | |
772 * target_offset-' |
773 * next_offset---'
774 *
775 * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
776 * This is where matches (if any) and the target reside.
777 * target_offset: beginning of target.
778 * next_offset: start of the next rule; also: size of this rule.
779 * Since targets have a minimum size, target_offset + minlen <=
next_offset.
780 *
781 * Every match stores its size, sum of sizes must not exceed
target_offset.
782 *
783 * Return: 0 on success, negative errno on failure.
784 */
785 int xt_check_entry_offsets(const void *base,
786 const char *elems,
787 unsigned int target_offset,
788 unsigned int next_offset)
789 {
790 long size_of_base_struct = elems - (const char *)base;
791 const struct xt_entry_target *t;
792 const char *e = base;
793
794 /* target start is within the ip/ip6/arpt_entry struct */
795 if (target_offset < size_of_base_struct)
796 return -EINVAL;
797
798 if (target_offset + sizeof(*t) > next_offset)
799 return -EINVAL;
800
801 t = (void *)(e + target_offset);
802 if (t->u.target_size < sizeof(*t))
803 return -EINVAL;
804
805 if (target_offset + t->u.target_size > next_offset)
806 return -EINVAL;
807
808 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
809 const struct xt_standard_target *st = (const void *)t;
810
811 if (XT_ALIGN(target_offset + sizeof(*st)) !=
next_offset)
812 return -EINVAL;
813
> 814 if (!verdict_ok(st->verdict))
815 return -EINVAL;
816 } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
[nf-next:master 7/24] net/netfilter/x_tables.c:797:8: error: implicit declaration of function 'verdict_ok'; did you mean 'vprintk'?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 16ac8a76bb641919747e8dd64d29890464df5c58
commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables:
check standard verdicts in core
config: alpha-defconfig (attached as .config)
compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64
# save the attached .config to linux build tree
make.cross ARCH=alpha
All errors (new ones prefixed by >>):
net/netfilter/x_tables.c: In function 'xt_check_entry_offsets':
>> net/netfilter/x_tables.c:797:8: error: implicit declaration of function
>> 'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration]
if (!verdict_ok(st->verdict))
^~
vprintk
cc1: some warnings being treated as errors
vim +797 net/netfilter/x_tables.c
724
725 /**
726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry
727 *
728 * @base: pointer to arp/ip/ip6t_entry
729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
730 * @target_offset: the arp/ip/ip6_t->target_offset
731 * @next_offset: the arp/ip/ip6_t->next_offset
732 *
733 * validates that target_offset and next_offset are sane and that all
734 * match sizes (if any) align with the target offset.
735 *
736 * This function does not validate the targets or matches themselves, it
737 * only tests that all the offsets and sizes are correct, that all
738 * match structures are aligned, and that the last structure ends where
739 * the target structure begins.
740 *
741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
742 *
743 * The arp/ip/ip6t_entry structure @base must have passed following
tests:
744 * - it must point to a valid memory location
745 * - base to base + next_offset must be accessible, i.e. not exceed
allocated
746 * length.
747 *
748 * A well-formed entry looks like this:
749 *
750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata]
ip(6)t_entry
751 * e->elems[]-' | |
752 *matchsize | |
753 *matchsize | |
754 * | |
755 * target_offset-' |
756 * next_offset---'
757 *
758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
759 * This is where matches (if any) and the target reside.
760 * target_offset: beginning of target.
761 * next_offset: start of the next rule; also: size of this rule.
762 * Since targets have a minimum size, target_offset + minlen <=
next_offset.
763 *
764 * Every match stores its size, sum of sizes must not exceed
target_offset.
765 *
766 * Return: 0 on success, negative errno on failure.
767 */
768 int xt_check_entry_offsets(const void *base,
769 const char *elems,
770 unsigned int target_offset,
771 unsigned int next_offset)
772 {
773 long size_of_base_struct = elems - (const char *)base;
774 const struct xt_entry_target *t;
775 const char *e = base;
776
777 /* target start is within the ip/ip6/arpt_entry struct */
778 if (target_offset < size_of_base_struct)
779 return -EINVAL;
780
781 if (target_offset + sizeof(*t) > next_offset)
782 return -EINVAL;
783
784 t = (void *)(e + target_offset);
785 if (t->u.target_size < sizeof(*t))
786 return -EINVAL;
787
788 if (target_offset + t->u.target_size > next_offset)
789 return -EINVAL;
790
791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) {
792 const struct xt_standard_target *st = (const void *)t;
793
794 if (XT_ALIGN(target_offset + sizeof(*st)) !=
next_offset)
795 return -EINVAL;
796
> 797 if (!verdict_ok(st->verdict))
798 return -EINVAL;
799 }
800
801 return xt_check_entry_match(elems, base + target_offset,
802 __alignof__(struct xt_entry_match));
803 }
804 EXPORT_SYMBOL(xt_check_entry_offsets);
805
---
0-DAY kernel test infrastructure
Re: [PATCH nf 1/2] netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
Hi Florian,
I love your patch! Perhaps something to improve:
[auto build test WARNING on nf/master]
url:
https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ipt_CLUSTERIP-two-more-fixes/20180219-090236
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> include/linux/rculist.h:130:25: sparse: context imbalance in
>> 'clusterip_tg_check' - unexpected unlock
include/linux/rculist.h:130:25: sparse: context imbalance in
'clusterip_tg_destroy' - unexpected unlock
vim +/clusterip_tg_check +130 include/linux/rculist.h
82524746 Franck Bui-Huu 2008-05-12 103
82524746 Franck Bui-Huu 2008-05-12 104 /**
82524746 Franck Bui-Huu 2008-05-12 105 * list_del_rcu - deletes entry from
list without re-initialization
82524746 Franck Bui-Huu 2008-05-12 106 * @entry: the element to delete from
the list.
82524746 Franck Bui-Huu 2008-05-12 107 *
82524746 Franck Bui-Huu 2008-05-12 108 * Note: list_empty() on entry does
not return true after this,
82524746 Franck Bui-Huu 2008-05-12 109 * the entry is in an undefined state.
It is useful for RCU based
82524746 Franck Bui-Huu 2008-05-12 110 * lockfree traversal.
82524746 Franck Bui-Huu 2008-05-12 111 *
82524746 Franck Bui-Huu 2008-05-12 112 * In particular, it means that we can
not poison the forward
82524746 Franck Bui-Huu 2008-05-12 113 * pointers that may still be used for
walking the list.
82524746 Franck Bui-Huu 2008-05-12 114 *
82524746 Franck Bui-Huu 2008-05-12 115 * The caller must take whatever
precautions are necessary
82524746 Franck Bui-Huu 2008-05-12 116 * (such as holding appropriate locks)
to avoid racing
82524746 Franck Bui-Huu 2008-05-12 117 * with another list-mutation
primitive, such as list_del_rcu()
82524746 Franck Bui-Huu 2008-05-12 118 * or list_add_rcu(), running on this
same list.
82524746 Franck Bui-Huu 2008-05-12 119 * However, it is perfectly legal to
run concurrently with
82524746 Franck Bui-Huu 2008-05-12 120 * the _rcu list-traversal primitives,
such as
82524746 Franck Bui-Huu 2008-05-12 121 * list_for_each_entry_rcu().
82524746 Franck Bui-Huu 2008-05-12 122 *
82524746 Franck Bui-Huu 2008-05-12 123 * Note that the caller is not
permitted to immediately free
82524746 Franck Bui-Huu 2008-05-12 124 * the newly deleted entry. Instead,
either synchronize_rcu()
82524746 Franck Bui-Huu 2008-05-12 125 * or call_rcu() must be used to defer
freeing until an RCU
82524746 Franck Bui-Huu 2008-05-12 126 * grace period has elapsed.
82524746 Franck Bui-Huu 2008-05-12 127 */
82524746 Franck Bui-Huu 2008-05-12 128 static inline void list_del_rcu(struct
list_head *entry)
82524746 Franck Bui-Huu 2008-05-12 129 {
559f9bad Dave Jones 2012-03-14 @130 __list_del_entry(entry);
82524746 Franck Bui-Huu 2008-05-12 131 entry->prev = LIST_POISON2;
82524746 Franck Bui-Huu 2008-05-12 132 }
82524746 Franck Bui-Huu 2008-05-12 133
:: The code at line 130 was first introduced by commit
:: 559f9badd11ddf399f88b18b4c0f110fd511ae53 rcu: List-debug variants of rcu
list routines.
:: TO: Dave Jones
:: CC: Paul E. McKenney
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf:master 1/9] arch/x86/tools/insn_decoder_test: warning: ffffffff817c07c3: 0f ff e9 ud0 %ecx,%ebp
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master head: b408c5b04f82fe4e20bceb8e4f219453d4f21f02 commit: 0537250fdc6c876ed4cbbe874c739aebef493ee2 [1/9] netfilter: x_tables: make allocation less aggressive config: x86_64-rhel-7.2 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: git checkout 0537250fdc6c876ed4cbbe874c739aebef493ee2 # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817aed81: 0f ff c3 ud0%ebx,%eax arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817aedb1: 0f ff c3 ud0%ebx,%eax arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817af95b: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b03d7: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b050c: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b0dcf: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b0e20: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2b67: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2b91: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2bc7: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2bf1: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2c2f: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2c61: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2d4d: 0f ff 48 8d ud0-0x73(%rax),%ecx arch/x86/tools/insn_decoder_test: warning: objdump says 4 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test:
[nf:flow-offload-hw-v2 6/6] net/netfilter/nf_flow_table_inet.o:undefined reference to `nf_flow_table_init'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git flow-offload-hw-v2 head: d2a66b6aae8b1294d8cb550520485eeb03fa1619 commit: d2a66b6aae8b1294d8cb550520485eeb03fa1619 [6/6] netfilter: nf_flow_table: add hardware offload support config: sparc64-allyesconfig (attached as .config) compiler: sparc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout d2a66b6aae8b1294d8cb550520485eeb03fa1619 # save the attached .config to linux build tree make.cross ARCH=sparc64 All errors (new ones prefixed by >>): `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o >> net/netfilter/nf_flow_table_inet.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv4/netfilter/nf_flow_table_ipv4.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv6/netfilter/nf_flow_table_ipv6.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf:flow-offload-hw-v2 6/6] net/netfilter/nf_flow_table_inet.o:undefined reference to `nf_flow_table_init'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git flow-offload-hw-v2 head: d2a66b6aae8b1294d8cb550520485eeb03fa1619 commit: d2a66b6aae8b1294d8cb550520485eeb03fa1619 [6/6] netfilter: nf_flow_table: add hardware offload support config: alpha-allyesconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout d2a66b6aae8b1294d8cb550520485eeb03fa1619 # save the attached .config to linux build tree make.cross ARCH=alpha All errors (new ones prefixed by >>): >> net/netfilter/nf_flow_table_inet.o:(.data.rel+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv4/netfilter/nf_flow_table_ipv4.o:(.data.rel+0x20): undefined >> reference to `nf_flow_table_init' >> net/ipv6/netfilter/nf_flow_table_ipv6.o:(.data.rel+0x20): undefined >> reference to `nf_flow_table_init' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 27/32] net/netfilter/nf_tables_api.c:4331:19: sparse: symbol 'nf_tables_obj_lookup_byhandle' was not declared. Should it be static?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: e55311665286ab2744295575948c2b08dc001bf3 commit: 3ecbfd65f50e5ff9c538c1bfa3356ef52cc66586 [27/32] netfilter: nf_tables: allocate handle and delete objects via handle reproduce: # apt-get install sparse git checkout 3ecbfd65f50e5ff9c538c1bfa3356ef52cc66586 make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_tables_api.c:1180:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1180:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1180:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1183:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1183:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1183:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1187:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1187:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1187:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1210:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1210:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1464:23: sparse: incorrect type in assignment (different address spaces) @@ expected struct nft_stats @@ got struct nft_stats struct nft_stats @@ net/netfilter/nf_tables_api.c:1472:29: sparse: incorrect type in argument 1 (different address spaces) @@ expected void @@ got @@ net/netfilter/nf_tables_api.c:1476:38: sparse: incorrect type in assignment (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1490:37: sparse: incorrect type in argument 1 (different address spaces) @@ expected void @@ got @@ >> net/netfilter/nf_tables_api.c:4331:19: sparse: symbol >> 'nf_tables_obj_lookup_byhandle' was not declared. Should it be net/netfilter/nf_tables_api.c:4360:41: sparse: Variable length array is used. >> net/netfilter/nf_tables_api.c:4853:22: sparse: symbol >> 'nf_tables_flowtable_lookup_byhandle' was not declared. Should it be Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH nf-next] netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static
Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects
via handle")
Signed-off-by: Fengguang Wu
---
nf_tables_api.c |8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 1addc401..b0129a0 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4328,9 +4328,9 @@ struct nft_object *nf_tables_obj_lookup(const struct
nft_table *table,
}
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
-struct nft_object *nf_tables_obj_lookup_byhandle(const struct nft_table *table,
-const struct nlattr *nla,
-u32 objtype, u8 genmask)
+static struct nft_object *nf_tables_obj_lookup_byhandle(const struct nft_table
*table,
+ const struct nlattr
*nla,
+ u32 objtype, u8 genmask)
{
struct nft_object *obj;
@@ -4850,7 +4850,7 @@ struct nft_flowtable *nf_tables_flowtable_lookup(const
struct nft_table *table,
}
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
-struct nft_flowtable *
+static struct nft_flowtable *
nf_tables_flowtable_lookup_byhandle(const struct nft_table *table,
const struct nlattr *nla, u8 genmask)
{
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 16/16] net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
head: 902d6a4c2a4f411582689e53fb101895ffe99028
commit: 902d6a4c2a4f411582689e53fb101895ffe99028 [16/16] netfilter: nf_defrag:
Skip defrag if NOTRACK is set
config: x86_64-randconfig-it0-01121151 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
git checkout 902d6a4c2a4f411582689e53fb101895ffe99028
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
In file included from include/uapi/linux/swab.h:6:0,
from include/linux/swab.h:5,
from include/uapi/linux/byteorder/little_endian.h:13,
from include/linux/byteorder/little_endian.h:5,
from arch/x86/include/uapi/asm/byteorder.h:5,
from include/uapi/linux/ipv6.h:8,
from include/linux/ipv6.h:5,
from net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:10:
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag':
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has
>> no member named '_nfct'
if (skb->_nfct == IP_CT_UNTRACKED)
^
include/linux/compiler.h:58:30: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro
>> 'if'
if (skb->_nfct == IP_CT_UNTRACKED)
^~
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has
>> no member named '_nfct'
if (skb->_nfct == IP_CT_UNTRACKED)
^
include/linux/compiler.h:58:42: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro
>> 'if'
if (skb->_nfct == IP_CT_UNTRACKED)
^~
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has
>> no member named '_nfct'
if (skb->_nfct == IP_CT_UNTRACKED)
^
include/linux/compiler.h:69:16: note: in definition of macro '__trace_if'
__r = !!(cond); \
^~~~
>> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro
>> 'if'
if (skb->_nfct == IP_CT_UNTRACKED)
^~
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: At top level:
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'strcpy' which is not static
__f = { \
^
include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
^~
include/linux/string.h:425:2: note: in expansion of macro 'if'
if (p_size == (size_t)-1 && q_size == (size_t)-1)
^~
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'kmemdup' which is not static
__f = { \
^
include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
^~
include/linux/string.h:415:2: note: in expansion of macro 'if'
if (p_size < size)
^~
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'kmemdup' which is not static
__f = { \
^
include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
^~
include/linux/string.h:413:2: note: in expansion of macro 'if'
if (__builtin_constant_p(size) && p_size < size)
^~
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'memchr_inv' which is not static
__f = { \
^
include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
^~
include/linux/string.h:404:2: note: in expansion of macro 'if'
if (p_size < size)
^~
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'memchr_inv' which is not static
__f = { \
^
include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if'
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
^~
include/linux/string.h:402:2: note: in expansion of macro 'if'
if (__builtin_constant_p(size) && p_size < size)
^~
include/linux/compiler.h:64:4: warning: '__f' is static but declared in
inline function 'memchr' which is not static
__f = { \
^
[nf-next:master 16/16] WARNING: vmlinux.o(.data+0x1911f0): Section mismatch in reference from the variable packet_raw to the function .init.text:iptable_raw_table_init()
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 902d6a4c2a4f411582689e53fb101895ffe99028 commit: 902d6a4c2a4f411582689e53fb101895ffe99028 [16/16] netfilter: nf_defrag: Skip defrag if NOTRACK is set config: x86_64-nfsroot (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 902d6a4c2a4f411582689e53fb101895ffe99028 # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): >> WARNING: vmlinux.o(.data+0x1911f0): Section mismatch in reference from the >> variable packet_raw to the function .init.text:iptable_raw_table_init() The variable packet_raw references the function __init iptable_raw_table_init() If the reference is valid then annotate the variable with or __refdata (see linux/init.h) or name the variable: --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.15-rc7 next-20180110]
[cannot apply to nf-next/master]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle':
>> net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no
>> member named 'handle'
if (handle == table->handle &&
^~
net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable':
>> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared
>> (first use in this function); did you mean 'NFTA_RULE_HANDLE'?
if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL &&
nla[NFTA_TABLE_HANDLE] == NULL))
^
NFTA_RULE_HANDLE
net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is
reported only once for each function it appears in
vim +375 net//netfilter/nf_tables_api.c
368
369 static struct nft_table *__nft_table_lookup_byhandle(const struct
nft_af_info *afi,
370 u64 handle, u8
genmask)
371 {
372 struct nft_table *table;
373
374 list_for_each_entry(table, >tables, list) {
> 375 if (handle == table->handle &&
376 nft_active_genmask(table, genmask))
377 return table;
378 }
379 return NULL;
380 }
381
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.15-rc7 next-20180110]
[cannot apply to nf-next/master]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-randconfig-u0-0920 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle':
net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no
member named 'handle'
if (handle == table->handle &&
^
net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable':
>> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared
>> (first use in this function)
if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL &&
nla[NFTA_TABLE_HANDLE] == NULL))
^
net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is
reported only once for each function it appears in
vim +/NFTA_TABLE_HANDLE +890 net//netfilter/nf_tables_api.c
876
877 static int nf_tables_deltable(struct net *net, struct sock *nlsk,
878struct sk_buff *skb, const struct
nlmsghdr *nlh,
879const struct nlattr * const nla[],
880struct netlink_ext_ack *extack)
881 {
882 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
883 u8 genmask = nft_genmask_next(net);
884 struct nft_af_info *afi;
885 struct nft_table *table;
886 int family = nfmsg->nfgen_family;
887 struct nft_ctx ctx;
888
889 nft_ctx_init(, net, skb, nlh, NULL, NULL, NULL, nla);
> 890 if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL &&
> nla[NFTA_TABLE_HANDLE] == NULL))
891 return nft_flush(, family);
892
893 afi = nf_tables_afinfo_lookup(net, family, false);
894 if (IS_ERR(afi))
895 return PTR_ERR(afi);
896 if (nla[NFTA_TABLE_HANDLE])
897 table = nf_tables_table_lookup_byhandle(afi,
nla[NFTA_TABLE_HANDLE], genmask);
898 else
899 table = nf_tables_table_lookup(afi,
nla[NFTA_TABLE_NAME], genmask);
900
901 if (IS_ERR(table))
902 return PTR_ERR(table);
903
904 if (nlh->nlmsg_flags & NLM_F_NONREC &&
905 table->use > 0)
906 return -EBUSY;
907
908 ctx.afi = afi;
909 ctx.table = table;
910
911 return nft_flush_table();
912 }
913
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[RFC PATCH nf-next] netfilter: nf_tables: nft_flow_offload_type can be static
Fixes: db2ff0f2f440 ("netfilter: nf_tables: flow offload expression")
Signed-off-by: Fengguang Wu
---
nft_flow_offload.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index b7c7082..e7f16fe 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -176,7 +176,7 @@ static int nft_flow_offload_dump(struct sk_buff *skb, const
struct nft_expr *exp
return -1;
}
-struct nft_expr_type nft_flow_offload_type;
+static struct nft_expr_type nft_flow_offload_type;
static const struct nft_expr_ops nft_flow_offload_ops = {
.type = _flow_offload_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_flow_offload)),
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH V5 5/5] netfilter: nf_nat_snmp_basic: use asn1 decoder library
Hi Taehee,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.15-rc7 next-20180105]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Taehee-Yoo/netfilter-nf_nat_snmp_basic-remove-useless-comment/20180108-110506
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
>> net/ipv4/netfilter/nf_nat_snmp_basic_main.c:222:9: sparse: incompatible
>> types in comparison expression (different address spaces)
net/ipv4/netfilter/nf_nat_snmp_basic_main.c:229:9: sparse: incompatible
types in comparison expression (different address spaces)
vim +222 net/ipv4/netfilter/nf_nat_snmp_basic_main.c
218
219 static int __init nf_nat_snmp_basic_init(void)
220 {
221 BUG_ON(nf_nat_snmp_hook != NULL);
> 222 RCU_INIT_POINTER(nf_nat_snmp_hook, help);
223
224 return nf_conntrack_helper_register(_trap_helper);
225 }
226
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:for-net-next4 37/40] net/netfilter/utils.c:60: undefined reference to `nf_ip_route'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next4
head: 9b68071a2526dae4aeae359916ce31698a64599f
commit: 6c23627f164a73658e5d7d5032025e459bd0a485 [37/40] netfilter: move route
indirection to struct nf_ipv6_ops
config: i386-randconfig-a1-201752 (attached as .config)
compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4
reproduce:
git checkout 6c23627f164a73658e5d7d5032025e459bd0a485
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:37: undefined reference to `nf_ip_checksum_partial'
net/netfilter/utils.o: In function `nf_route':
>> net/netfilter/utils.c:60: undefined reference to `nf_ip_route'
vim +60 net/netfilter/utils.c
5
6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
7 unsigned int dataoff, u_int8_t protocol,
8 unsigned short family)
9 {
10 const struct nf_ipv6_ops *v6ops;
11 __sum16 csum = 0;
12
13 switch (family) {
14 case AF_INET:
> 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
16 break;
17 case AF_INET6:
18 v6ops = rcu_dereference(nf_ipv6_ops);
19 if (v6ops)
20 csum = v6ops->checksum(skb, hook, dataoff,
protocol);
21 break;
22 }
23
24 return csum;
25 }
26 EXPORT_SYMBOL_GPL(nf_checksum);
27
28 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
29 unsigned int dataoff, unsigned int len,
30 u_int8_t protocol, unsigned short family)
31 {
32 const struct nf_ipv6_ops *v6ops;
33 __sum16 csum = 0;
34
35 switch (family) {
36 case AF_INET:
37 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
38protocol);
39 break;
40 case AF_INET6:
41 v6ops = rcu_dereference(nf_ipv6_ops);
42 if (v6ops)
43 csum = v6ops->checksum_partial(skb, hook,
dataoff, len,
44 protocol);
45 break;
46 }
47
48 return csum;
49 }
50 EXPORT_SYMBOL_GPL(nf_checksum_partial);
51
52 int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl,
53 bool strict, unsigned short family)
54 {
55 const struct nf_ipv6_ops *v6ops;
56 int ret = 0;
57
58 switch (family) {
59 case AF_INET:
> 60 ret = nf_ip_route(net, dst, fl, strict);
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
Re: [PATCH V4 5/5] netfilter: nf_nat_snmp_basic: use asn1 decoder library
Hi Taehee, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] [also build test WARNING on v4.15-rc5 next-20171222] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Taehee-Yoo/netfilter-nf_nat_snmp_basic-use-ASN-1-decoder/20171226-091030 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH] netfilter: nf_nat_snmp_basic: snmp_version() can be static
Fixes: 499b2f89cea8 ("netfilter: nf_nat_snmp_basic: use asn1 decoder library")
Signed-off-by: Fengguang Wu
---
nf_nat_snmp_basic_main.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic_main.c
b/net/ipv4/netfilter/nf_nat_snmp_basic_main.c
index b6e2770..b16d3ad 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic_main.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic_main.c
@@ -101,8 +101,8 @@ static void fast_csum(struct snmp_ctx *ctx, unsigned char
offset)
~csum_unfold(*ctx->check)));
}
-int snmp_version(void *context, size_t hdrlen, unsigned char tag,
-const void *data, size_t datalen)
+static int snmp_version(void *context, size_t hdrlen, unsigned char tag,
+ const void *data, size_t datalen)
{
if (*(unsigned char *)data > 1)
return -ENOTSUPP;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:for-net-next3 38/40] net/netfilter/utils.c:56: undefined reference to `nf_ip6_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next3
head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6
commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove
reroute indirection in struct nf_afinfo
config: x86_64-randconfig-s2-12200210 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
git checkout 63cfa51ca37a4b4fb6b3d994c9c775920457252e
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial'
net/netfilter/utils.o: In function `nf_reroute':
>> net/netfilter/utils.c:56: undefined reference to `nf_ip6_reroute'
net/netfilter/utils.o: In function `nf_saveroute':
net/netfilter/utils.c:70: undefined reference to `nf_ip6_saveroute'
vim +56 net/netfilter/utils.c
6
7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
8 unsigned int dataoff, u_int8_t protocol,
9 unsigned short family)
10 {
11 __sum16 csum = 0;
12
13 switch (family) {
14 case AF_INET:
15 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
16 break;
17 case AF_INET6:
> 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
19 break;
20 }
21
22 return csum;
23 }
24 EXPORT_SYMBOL_GPL(nf_checksum);
25
26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
27 unsigned int dataoff, unsigned int len,
28 u_int8_t protocol, unsigned short family)
29 {
30 __sum16 csum = 0;
31
32 switch (family) {
33 case AF_INET:
34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
35protocol);
36 break;
37 case AF_INET6:
38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
39 protocol);
40 break;
41 }
42
43 return csum;
44 }
45 EXPORT_SYMBOL_GPL(nf_checksum_partial);
46
47 int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry)
48 {
49 int ret = 0;
50
51 switch (entry->state.pf) {
52 case AF_INET:
53 ret = nf_ip_reroute(skb, entry);
54 break;
55 case AF_INET6:
> 56 ret = nf_ip6_reroute(skb, entry);
57 break;
58 }
59
60 return ret;
61 }
62
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next3 38/40] (.text.nf_reroute+0x58): undefined reference to `nf_ip6_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as .config) compiler: hppa-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 63cfa51ca37a4b4fb6b3d994c9c775920457252e # save the attached .config to linux build tree make.cross ARCH=parisc All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': (.text.nf_checksum+0x78): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': (.text.nf_checksum_partial+0x88): undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_reroute': >> (.text.nf_reroute+0x58): undefined reference to `nf_ip6_reroute' net/netfilter/utils.o: In function `nf_saveroute': (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 36/40] net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next3
head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6
commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove
saveroute indirection in struct nf_afinfo
config: x86_64-randconfig-s2-12200210 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
git checkout e58c72119d0fa35020c144317509fe9494c441bd
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial'
net/netfilter/utils.o: In function `nf_saveroute':
>> net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute'
vim +54 net/netfilter/utils.c
6
7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
8 unsigned int dataoff, u_int8_t protocol,
9 unsigned short family)
10 {
11 __sum16 csum = 0;
12
13 switch (family) {
14 case AF_INET:
15 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
16 break;
17 case AF_INET6:
> 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
19 break;
20 }
21
22 return csum;
23 }
24 EXPORT_SYMBOL_GPL(nf_checksum);
25
26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
27 unsigned int dataoff, unsigned int len,
28 u_int8_t protocol, unsigned short family)
29 {
30 __sum16 csum = 0;
31
32 switch (family) {
33 case AF_INET:
34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
35protocol);
36 break;
37 case AF_INET6:
38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
39 protocol);
40 break;
41 }
42
43 return csum;
44 }
45 EXPORT_SYMBOL_GPL(nf_checksum_partial);
46
47 void nf_saveroute(const struct sk_buff *skb, struct nf_queue_entry
*entry)
48 {
49 switch (entry->state.pf) {
50 case AF_INET:
51 nf_ip_saveroute(skb, entry);
52 break;
53 case AF_INET6:
> 54 nf_ip6_saveroute(skb, entry);
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next3 36/40] (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as .config) compiler: hppa-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout e58c72119d0fa35020c144317509fe9494c441bd # save the attached .config to linux build tree make.cross ARCH=parisc All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': (.text.nf_checksum+0x78): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': (.text.nf_checksum_partial+0x88): undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_saveroute': >> (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 35/40] utils.c:undefined reference to `nf_ip6_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 1033afac404a403b3ae982702061e7808b80e597 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': utils.c:(.text+0x35): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': >> utils.c:(.text+0x88): undefined reference to `nf_ip6_checksum_partial' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 35/40] net/netfilter/utils.c:37: undefined reference to `nf_ip6_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next3
head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6
commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove
checksum_partial indirection in struct nf_afinfo
config: x86_64-randconfig-s2-12200210 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
git checkout 1033afac404a403b3ae982702061e7808b80e597
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
>> net/netfilter/utils.c:37: undefined reference to `nf_ip6_checksum_partial'
vim +37 net/netfilter/utils.c
5
6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
7 unsigned int dataoff, u_int8_t protocol,
8 unsigned short family)
9 {
10 __sum16 csum = 0;
11
12 switch (family) {
13 case AF_INET:
14 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
15 break;
16 case AF_INET6:
> 17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
18 break;
19 }
20
21 return csum;
22 }
23 EXPORT_SYMBOL_GPL(nf_checksum);
24
25 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
26 unsigned int dataoff, unsigned int len,
27 u_int8_t protocol, unsigned short family)
28 {
29 __sum16 csum = 0;
30
31 switch (family) {
32 case AF_INET:
33 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
34protocol);
35 break;
36 case AF_INET6:
> 37 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next3 37/40] net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next3
head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6
commit: 4a61f6d1f4eddcb006e6d6ed1a90c81737c6dc0a [37/40] netfilter: remove
route indirection in struct nf_afinfo
config: i386-randconfig-a1-12171902 (attached as .config)
compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4
reproduce:
git checkout 4a61f6d1f4eddcb006e6d6ed1a90c81737c6dc0a
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial'
net/netfilter/utils.o: In function `nf_saveroute':
net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute'
net/netfilter/xt_addrtype.o: In function `match_lookup_rt6':
>> net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route'
>> net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route'
vim +55 net/netfilter/xt_addrtype.c
34
35 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
36 static u32 match_lookup_rt6(struct net *net, const struct net_device
*dev,
37 const struct in6_addr *addr, u16 mask)
38 {
39 const struct nf_ipv6_ops *v6ops;
40 struct flowi6 flow;
41 struct rt6_info *rt;
42 u32 ret = 0;
43 int route_err;
44
45 memset(, 0, sizeof(flow));
46 flow.daddr = *addr;
47 if (dev)
48 flow.flowi6_oif = dev->ifindex;
49
50 if (dev && (mask & XT_ADDRTYPE_LOCAL)) {
51 v6ops = nf_get_ipv6_ops();
52 if (v6ops && v6ops->chk_addr(net, addr, dev, true))
53 ret = XT_ADDRTYPE_LOCAL;
54 }
> 55 route_err = nf_ip6_route(net, (struct dst_entry **),
56 flowi6_to_flowi(), false);
57 if (route_err)
58 return XT_ADDRTYPE_UNREACHABLE;
59
60 if (rt->rt6i_flags & RTF_REJECT)
61 ret = XT_ADDRTYPE_UNREACHABLE;
62
63 if (dev == NULL && rt->rt6i_flags & RTF_LOCAL)
64 ret |= XT_ADDRTYPE_LOCAL;
65 if (ipv6_anycast_destination((struct dst_entry *)rt, addr))
66 ret |= XT_ADDRTYPE_ANYCAST;
67
68 dst_release(>dst);
69 return ret;
70 }
71
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next2 38/40] net/netfilter/utils.c:53: undefined reference to `nf_ip_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next2
head: 7c3f8641178fb63c1e970a23e3743e89fc92be81
commit: 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717 [38/40] netfilter: remove
reroute indirection in struct nf_afinfo
config: x86_64-randconfig-i0-201751 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
git checkout 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:34: undefined reference to `nf_ip_checksum_partial'
net/netfilter/utils.o: In function `nf_reroute':
>> net/netfilter/utils.c:53: undefined reference to `nf_ip_reroute'
net/netfilter/utils.o: In function `nf_saveroute':
net/netfilter/utils.c:67: undefined reference to `nf_ip_saveroute'
vim +53 net/netfilter/utils.c
6
7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
8 unsigned int dataoff, u_int8_t protocol,
9 unsigned short family)
10 {
11 __sum16 csum = 0;
12
13 switch (family) {
14 case AF_INET:
> 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
16 break;
17 case AF_INET6:
18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
19 break;
20 }
21
22 return csum;
23 }
24 EXPORT_SYMBOL_GPL(nf_checksum);
25
26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
27 unsigned int dataoff, unsigned int len,
28 u_int8_t protocol, unsigned short family)
29 {
30 __sum16 csum = 0;
31
32 switch (family) {
33 case AF_INET:
34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
35protocol);
36 break;
37 case AF_INET6:
38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
39 protocol);
40 break;
41 }
42
43 return csum;
44 }
45 EXPORT_SYMBOL_GPL(nf_checksum_partial);
46
47 int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry)
48 {
49 int ret = 0;
50
51 switch (entry->state.pf) {
52 case AF_INET:
> 53 ret = nf_ip_reroute(skb, entry);
54 break;
55 case AF_INET6:
56 ret = nf_ip6_reroute(skb, entry);
57 break;
58 }
59
60 return ret;
61 }
62
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next3 34/40] utils.c:undefined reference to `nf_ip6_checksum'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 188efacae54f7b9f1421a238da93d5289a3704a0 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': >> utils.c:(.text+0x35): undefined reference to `nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 34/40] net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next3
head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6
commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove
checksum indirection in struct nf_afinfo
config: x86_64-randconfig-s2-12200210 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
git checkout 188efacae54f7b9f1421a238da93d5289a3704a0
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
>> net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum'
vim +17 net/netfilter/utils.c
5
6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
7 unsigned int dataoff, u_int8_t protocol,
8 unsigned short family)
9 {
10 __sum16 csum = 0;
11
12 switch (family) {
13 case AF_INET:
14 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
15 break;
16 case AF_INET6:
> 17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next2 36/40] net/netfilter/utils.c:51: undefined reference to `nf_ip_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next2
head: 7c3f8641178fb63c1e970a23e3743e89fc92be81
commit: d0f3d3b94e3a8765b0034127780d57f304af11fe [36/40] netfilter: remove
saveroute indirection in struct nf_afinfo
config: x86_64-randconfig-i0-201751 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
git checkout d0f3d3b94e3a8765b0034127780d57f304af11fe
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
net/netfilter/utils.c:34: undefined reference to `nf_ip_checksum_partial'
net/netfilter/utils.o: In function `nf_saveroute':
>> net/netfilter/utils.c:51: undefined reference to `nf_ip_saveroute'
vim +51 net/netfilter/utils.c
6
7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
8 unsigned int dataoff, u_int8_t protocol,
9 unsigned short family)
10 {
11 __sum16 csum = 0;
12
13 switch (family) {
14 case AF_INET:
> 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
16 break;
17 case AF_INET6:
18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
19 break;
20 }
21
22 return csum;
23 }
24 EXPORT_SYMBOL_GPL(nf_checksum);
25
26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
27 unsigned int dataoff, unsigned int len,
28 u_int8_t protocol, unsigned short family)
29 {
30 __sum16 csum = 0;
31
32 switch (family) {
33 case AF_INET:
34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
35protocol);
36 break;
37 case AF_INET6:
38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
39 protocol);
40 break;
41 }
42
43 return csum;
44 }
45 EXPORT_SYMBOL_GPL(nf_checksum_partial);
46
47 void nf_saveroute(const struct sk_buff *skb, struct nf_queue_entry
*entry)
48 {
49 switch (entry->state.pf) {
50 case AF_INET:
> 51 nf_ip_saveroute(skb, entry);
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
[nf-next:for-net-next2 35/40] net/netfilter/utils.c:33: undefined reference to `nf_ip_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
for-net-next2
head: 7c3f8641178fb63c1e970a23e3743e89fc92be81
commit: d0cdeba2fc5ef7f97bdcf5d31266a25802372009 [35/40] netfilter: remove
checksum_partial indirection in struct nf_afinfo
config: x86_64-randconfig-i0-201751 (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
git checkout d0cdeba2fc5ef7f97bdcf5d31266a25802372009
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net/netfilter/utils.o: In function `nf_checksum':
net/netfilter/utils.c:14: undefined reference to `nf_ip_checksum'
net/netfilter/utils.o: In function `nf_checksum_partial':
>> net/netfilter/utils.c:33: undefined reference to `nf_ip_checksum_partial'
vim +33 net/netfilter/utils.c
5
6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
7 unsigned int dataoff, u_int8_t protocol,
8 unsigned short family)
9 {
10 __sum16 csum = 0;
11
12 switch (family) {
13 case AF_INET:
> 14 csum = nf_ip_checksum(skb, hook, dataoff, protocol);
15 break;
16 case AF_INET6:
17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
18 break;
19 }
20
21 return csum;
22 }
23 EXPORT_SYMBOL_GPL(nf_checksum);
24
25 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
26 unsigned int dataoff, unsigned int len,
27 u_int8_t protocol, unsigned short family)
28 {
29 __sum16 csum = 0;
30
31 switch (family) {
32 case AF_INET:
> 33 csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
.config.gz
Description: application/gzip
