Re: [PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic
Hi Alin, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.20-rc4 next-20181129] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Alin-Nastac/netfilter-nf_conntrack_sip-add-sip_external_media-logic/20181130-032136 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: x86_64-randconfig-a0-11300811 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/nf_conntrack_sip.o: In function `ip6_route_output': >> include/net/ip6_route.h:88: undefined reference to `ip6_route_output_flags' vim +88 include/net/ip6_route.h 33bd5ac54 David Ahern 2018-07-03 74 5c3a0fd7d Joe Perches 2013-09-21 75 void ip6_route_input(struct sk_buff *skb); d409b8476 Mahesh Bandewar 2016-09-16 76 struct dst_entry *ip6_route_input_lookup(struct net *net, d409b8476 Mahesh Bandewar 2016-09-16 77 struct net_device *dev, b75cc8f90 David Ahern 2018-03-02 78 struct flowi6 *fl6, b75cc8f90 David Ahern 2018-03-02 79 const struct sk_buff *skb, int flags); ^1da177e4 Linus Torvalds 2005-04-16 80 6f21c96a7 Paolo Abeni 2016-01-29 81 struct dst_entry *ip6_route_output_flags(struct net *net, const struct sock *sk, 6f21c96a7 Paolo Abeni 2016-01-29 82 struct flowi6 *fl6, int flags); 6f21c96a7 Paolo Abeni 2016-01-29 83 6f21c96a7 Paolo Abeni 2016-01-29 84 static inline struct dst_entry *ip6_route_output(struct net *net, 6f21c96a7 Paolo Abeni 2016-01-29 85 const struct sock *sk, 6f21c96a7 Paolo Abeni 2016-01-29 86 struct flowi6 *fl6) 6f21c96a7 Paolo Abeni 2016-01-29 87 { 6f21c96a7 Paolo Abeni 2016-01-29 @88return ip6_route_output_flags(net, sk, fl6, 0); 6f21c96a7 Paolo Abeni 2016-01-29 89 } 6f21c96a7 Paolo Abeni 2016-01-29 90 :: The code at line 88 was first introduced by commit :: 6f21c96a78b835259546d8f3fb4edff0f651d478 ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail() :: TO: Paolo Abeni :: CC: David S. Miller --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH] netfilter: nf_conntrack_sip: add sip_external_media logic
Hi Alin, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.20-rc4 next-20181129] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Alin-Nastac/netfilter-nf_conntrack_sip-add-sip_external_media-logic/20181130-032136 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: powerpc-defconfig (attached as .config) compiler: powerpc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=7.2.0 make.cross ARCH=powerpc All errors (new ones prefixed by >>): >> ERROR: ".ip6_route_output_flags" [net/netfilter/nf_conntrack_sip.ko] >> undefined! --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf 2/2] netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-nf_-tcp-udp-sctp-icmp-dccp-icmpv6-generic-_pernet/20181102-101813 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: i386-randconfig-n3-11020807 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from net/netfilter/nfnetlink_cttimeout.c:31:0: include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_sctp_pernet': include/net/netfilter/nf_conntrack_timeout.h:119:30: error: 'struct nf_ip_net' has no member named 'sctp'; did you mean 'tcp'? return >ct.nf_ct_proto.sctp; ^~~~ tcp net/netfilter/nfnetlink_cttimeout.c: In function 'cttimeout_default_fill_info': >> net/netfilter/nfnetlink_cttimeout.c:429:33: error: dereferencing pointer to >> incomplete type 'struct nf_sctp_net' timeouts = nf_sctp_pernet(net)->timeouts; ^~ vim +429 net/netfilter/nfnetlink_cttimeout.c 381 382 static int 383 cttimeout_default_fill_info(struct net *net, struct sk_buff *skb, u32 portid, 384 u32 seq, u32 type, int event, u16 l3num, 385 const struct nf_conntrack_l4proto *l4proto) 386 { 387 unsigned int *timeouts; 388 struct nlmsghdr *nlh; 389 struct nfgenmsg *nfmsg; 390 unsigned int flags = portid ? NLM_F_MULTI : 0; 391 struct nlattr *nest_parms; 392 int ret; 393 394 event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event); 395 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags); 396 if (nlh == NULL) 397 goto nlmsg_failure; 398 399 nfmsg = nlmsg_data(nlh); 400 nfmsg->nfgen_family = AF_UNSPEC; 401 nfmsg->version = NFNETLINK_V0; 402 nfmsg->res_id = 0; 403 404 if (nla_put_be16(skb, CTA_TIMEOUT_L3PROTO, htons(l3num)) || 405 nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto)) 406 goto nla_put_failure; 407 408 nest_parms = nla_nest_start(skb, CTA_TIMEOUT_DATA | NLA_F_NESTED); 409 if (!nest_parms) 410 goto nla_put_failure; 411 412 switch (l4proto->l4proto) { 413 case IPPROTO_ICMP: 414 timeouts = _icmp_pernet(net)->timeout; 415 break; 416 case IPPROTO_TCP: 417 timeouts = nf_tcp_pernet(net)->timeouts; 418 break; 419 case IPPROTO_UDP: 420 timeouts = nf_udp_pernet(net)->timeouts; 421 break; 422 case IPPROTO_DCCP: 423 timeouts = nf_dccp_pernet(net)->dccp_timeout; 424 break; 425 case IPPROTO_ICMPV6: 426 timeouts = _icmpv6_pernet(net)->timeout; 427 break; 428 case IPPROTO_SCTP: > 429 timeouts = nf_sctp_pernet(net)->timeouts; 430 break; 431 case 255: 432 timeouts = _generic_pernet(net)->timeout; 433 break; 434 default: 435 WARN_ON_ONCE(1); 436 goto nla_put_failure; 437 } 438 439 ret = l4proto->ctnl_timeout.obj_to_nlattr(skb, timeouts); 440 if (ret < 0) 441 goto nla_put_failure; 442 443 nla_nest_end(skb, nest_parms); 444 445 nlmsg_end(skb, nlh); 446 return skb->len; 447 448 nlmsg_failure: 449 nla_put_failure: 450 nlmsg_cancel(skb, nlh); 451 return -1; 452 } 453 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf 1/2] netfilter: add nf_{tcp,udp,sctp,icmp,dccp,icmpv6,generic}_pernet()
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-nf_-tcp-udp-sctp-icmp-dccp-icmpv6-generic-_pernet/20181102-101813 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: i386-randconfig-x077-201843 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from net//netfilter/nf_conntrack_core.c:50:0: include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_dccp_pernet': >> include/net/netfilter/nf_conntrack_timeout.h:114:30: error: 'struct >> nf_ip_net' has no member named 'dccp'; did you mean 'tcp'? return >ct.nf_ct_proto.dccp; ^~~~ tcp include/net/netfilter/nf_conntrack_timeout.h: In function 'nf_sctp_pernet': >> include/net/netfilter/nf_conntrack_timeout.h:119:30: error: 'struct >> nf_ip_net' has no member named 'sctp'; did you mean 'tcp'? return >ct.nf_ct_proto.sctp; ^~~~ tcp vim +114 include/net/netfilter/nf_conntrack_timeout.h 111 112 static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net) 113 { > 114 return >ct.nf_ct_proto.dccp; 115 } 116 117 static inline struct nf_sctp_net *nf_sctp_pernet(struct net *net) 118 { > 119 return >ct.nf_ct_proto.sctp; 120 } 121 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 1/7] net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared; did you mean 'IPT_ECN_OP_MATCH_ECE'?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 60dd57bba519ab75277df610d5d245ed3af3c57c commit: 25038aaf0cbf7639a18f80aeddb325811aff23c3 [1/7] UAPI: netfilter: Fix symbol collision issues [ver #2] config: m68k-mvme16x_defconfig (attached as .config) compiler: m68k-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 25038aaf0cbf7639a18f80aeddb325811aff23c3 # save the attached .config to linux build tree GCC_VERSION=7.2.0 make.cross ARCH=m68k All errors (new ones prefixed by >>): net/ipv4/netfilter/ipt_ECN.c: In function 'set_ect_tcp': >> net/ipv4/netfilter/ipt_ECN.c:58:28: error: 'IPT_ECN_OP_SET_ECE' undeclared >> (first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'? if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || ^~ IPT_ECN_OP_MATCH_ECE net/ipv4/netfilter/ipt_ECN.c:58:28: note: each undeclared identifier is reported only once for each function it appears in >> net/ipv4/netfilter/ipt_ECN.c:60:28: error: 'IPT_ECN_OP_SET_CWR' undeclared >> (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'? (!(einfo->operation & IPT_ECN_OP_SET_CWR) || ^~ IPT_ECN_OP_SET_ECE net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg': >> net/ipv4/netfilter/ipt_ECN.c:84:25: error: 'IPT_ECN_OP_SET_IP' undeclared >> (first use in this function); did you mean 'IPT_ECN_OP_MATCH_IP'? if (einfo->operation & IPT_ECN_OP_SET_IP) ^ IPT_ECN_OP_MATCH_IP >> net/ipv4/netfilter/ipt_ECN.c:88:26: error: 'IPT_ECN_OP_SET_ECE' undeclared >> (first use in this function); did you mean 'IPT_ECN_OP_SET_IP'? if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) && ^~ IPT_ECN_OP_SET_IP net/ipv4/netfilter/ipt_ECN.c:88:47: error: 'IPT_ECN_OP_SET_CWR' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'? if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) && ^~ IPT_ECN_OP_SET_ECE net/ipv4/netfilter/ipt_ECN.c: In function 'ecn_tg_check': >> net/ipv4/netfilter/ipt_ECN.c:101:25: error: 'IPT_ECN_OP_MASK' undeclared >> (first use in this function); did you mean 'IPT_ECN_IP_MASK'? if (einfo->operation & IPT_ECN_OP_MASK) ^~~ IPT_ECN_IP_MASK net/ipv4/netfilter/ipt_ECN.c:107:27: error: 'IPT_ECN_OP_SET_ECE' undeclared (first use in this function); did you mean 'IPT_ECN_OP_MATCH_ECE'? if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && ^~ IPT_ECN_OP_MATCH_ECE net/ipv4/netfilter/ipt_ECN.c:107:46: error: 'IPT_ECN_OP_SET_CWR' undeclared (first use in this function); did you mean 'IPT_ECN_OP_SET_ECE'? if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) && ^~ IPT_ECN_OP_SET_ECE vim +58 net/ipv4/netfilter/ipt_ECN.c ^1da177e4 Linus Torvalds 2005-04-16 45 e1931b784 Jan Engelhardt 2007-07-07 46 /* Return false if there was an error. */ e1931b784 Jan Engelhardt 2007-07-07 47 static inline bool 3db05fea5 Herbert Xu 2007-10-15 48 set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) ^1da177e4 Linus Torvalds 2005-04-16 49 { ^1da177e4 Linus Torvalds 2005-04-16 50struct tcphdr _tcph, *tcph; 6a19d6147 Al Viro2006-09-28 51__be16 oldval; ^1da177e4 Linus Torvalds 2005-04-16 52 af901ca18 André Goddard Rosa 2009-11-14 53/* Not enough header? */ 3db05fea5 Herbert Xu 2007-10-15 54tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); ^1da177e4 Linus Torvalds 2005-04-16 55if (!tcph) e1931b784 Jan Engelhardt 2007-07-07 56return false; ^1da177e4 Linus Torvalds 2005-04-16 57 fd841326d Patrick McHardy2005-08-20 @58if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || fd841326d Patrick McHardy2005-08-20 59 tcph->ece == einfo->proto.tcp.ece) && 7c4e36bc1 Jan Engelhardt 2007-07-07 @60(!(einfo->operation & IPT_ECN_OP_SET_CWR) || 7c4e36bc1 Jan Engelhardt 2007-07-07 61 tcph->cwr == einfo->proto.tcp.cwr)) e1931b784 Jan Engelhardt 2007-07-07 62return true; ^1da177e4 Linus Torvalds 2005-04-16 63 3db05fea5 Herbert Xu
Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
Hi Florian, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-pass-nf_hook_state-to-packet-and-error-handlers/20180914-024412 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-s1-201836 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> net//netfilter/nf_conntrack_proto.c:864:3: error: >> 'nf_conntrack_l4proto_udplite' undeclared here (not in a function) _conntrack_l4proto_udplite, ^~~~ vim +/nf_conntrack_l4proto_udplite +864 net//netfilter/nf_conntrack_proto.c 853 854 static const struct nf_conntrack_l4proto * const builtin_l4proto[] = { 855 _conntrack_l4proto_tcp, 856 _conntrack_l4proto_udp, 857 _conntrack_l4proto_icmp, 858 #ifdef CONFIG_NF_CT_PROTO_DCCP 859 _conntrack_l4proto_dccp, 860 #endif 861 #ifdef CONFIG_NF_CT_PROTO_SCTP 862 _conntrack_l4proto_sctp, 863 #endif > 864 _conntrack_l4proto_udplite, 865 #if IS_ENABLED(CONFIG_IPV6) 866 _conntrack_l4proto_icmpv6, 867 #endif /* CONFIG_IPV6 */ 868 }; 869 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 7/8] netfilter: conntrack: remove l3->l4 mapping information
Hi Florian, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-pass-nf_hook_state-to-packet-and-error-handlers/20180914-024412 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x012-201836 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> net//netfilter/nf_conntrack_proto.c:864:3: error: >> 'nf_conntrack_l4proto_udplite' undeclared here (not in a function); did you >> mean 'nf_conntrack_l4proto_udp'? _conntrack_l4proto_udplite, ^~~~ nf_conntrack_l4proto_udp vim +864 net//netfilter/nf_conntrack_proto.c 853 854 static const struct nf_conntrack_l4proto * const builtin_l4proto[] = { 855 _conntrack_l4proto_tcp, 856 _conntrack_l4proto_udp, 857 _conntrack_l4proto_icmp, 858 #ifdef CONFIG_NF_CT_PROTO_DCCP 859 _conntrack_l4proto_dccp, 860 #endif 861 #ifdef CONFIG_NF_CT_PROTO_SCTP 862 _conntrack_l4proto_sctp, 863 #endif > 864 _conntrack_l4proto_udplite, 865 #if IS_ENABLED(CONFIG_IPV6) 866 _conntrack_l4proto_icmpv6, 867 #endif /* CONFIG_IPV6 */ 868 }; 869 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 15/20] net/netfilter/nft_tunnel.c:117:25: sparse: incorrect type in assignment (different base types)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 020f6cc5f75511c5974cfd454f224365bc0c2df4 commit: af308b94a2a4a5a27bec9028354c4df444a7c8ba [15/20] netfilter: nf_tables: add tunnel support reproduce: # apt-get install sparse git checkout af308b94a2a4a5a27bec9028354c4df444a7c8ba make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nft_tunnel.c:117:25: sparse: incorrect type in assignment >> (different base types) @@expected unsigned int [unsigned] [usertype] >> flags @@got ed int [unsigned] [usertype] flags @@ net/netfilter/nft_tunnel.c:117:25:expected unsigned int [unsigned] [usertype] flags net/netfilter/nft_tunnel.c:117:25:got restricted __be16 [usertype] net/netfilter/nft_tunnel.c:166:25: sparse: incorrect type in assignment (different base types) @@expected unsigned int [unsigned] [usertype] flags @@got ed int [unsigned] [usertype] flags @@ net/netfilter/nft_tunnel.c:166:25:expected unsigned int [unsigned] [usertype] flags net/netfilter/nft_tunnel.c:166:25:got restricted __be16 [usertype] >> net/netfilter/nft_tunnel.c:242:33: sparse: incorrect type in assignment >> (different base types) @@expected restricted __be16 [addressable] >> [assigned] [usertype] tp_src @@got e] tp_src @@ net/netfilter/nft_tunnel.c:242:33:expected restricted __be16 [addressable] [assigned] [usertype] tp_src net/netfilter/nft_tunnel.c:242:33:got int >> net/netfilter/nft_tunnel.c:246:33: sparse: incorrect type in assignment >> (different base types) @@expected restricted __be16 [addressable] >> [assigned] [usertype] tp_dst @@got e] tp_dst @@ net/netfilter/nft_tunnel.c:246:33:expected restricted __be16 [addressable] [assigned] [usertype] tp_dst net/netfilter/nft_tunnel.c:246:33:got int >> net/netfilter/nft_tunnel.c:284:43: sparse: incorrect type in argument 4 >> (different base types) @@expected restricted __be16 [usertype] flags @@ >> got unsignrestricted __be16 [usertype] flags @@ net/netfilter/nft_tunnel.c:284:43:expected restricted __be16 [usertype] flags net/netfilter/nft_tunnel.c:284:43:got unsigned int [unsigned] [usertype] flags >> net/netfilter/nft_tunnel.c:342:27: sparse: restricted __be16 degrades to >> integer net/netfilter/nft_tunnel.c:346:34: sparse: restricted __be16 degrades to integer >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 >> net/netfilter/nft_tunnel.c:370:54: sparse: incorrect type in argument 1 >> (different base types) @@expected unsigned short [unsigned] [usertype] >> val @@got short [unsigned] [usertype] val @@ net/netfilter/nft_tunnel.c:370:54:expected unsigned short [unsigned] [usertype] val net/netfilter/nft_tunnel.c:370:54:got restricted __be16 [usertype] tp_src >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 >> net/netfilter/nft_tunnel.c:370:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: incorrect type in argument 1 (different base types) @@expected unsigned short [unsigned] [usertype] val @@got short [unsigned] [usertype] val @@ net/netfilter/nft_tunnel.c:371:54:expected unsigned short [unsigned] [usertype] val net/netfilter/nft_tunnel.c:371:54:got restricted __be16 [usertype] tp_dst net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 net/netfilter/nft_tunnel.c:371:54: sparse: cast from restricted __be16 vim +117 net/netfilter/nft_tunnel.c 99 100 static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr, 101 struct nft_tunnel_opts *opts) 102 { 103 struct nlattr *tb[NFTA_TUNNEL_KEY_VXLAN_MAX + 1]; 104 int err; 105 106 err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_VXLAN_MAX, attr, 107 nft_tunnel_opts_vxlan_policy, NULL); 108 if (err < 0) 109 return err; 110 111 if (!tb[NFTA_TUNNEL_KEY_VXLAN_GBP]) 112 return -EINVAL; 113 114 opts->u.vxlan.gbp = ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_VXLAN_GBP])); 115 116 opts->len = sizeof(struct vxlan_metadata); > 117 opts->flags = TUNNEL_VXLAN_OPT; 118 119 return 0; 120 } 121 122 static const struct nla_policy nft_tunnel_opts_erspan_policy[NFTA_TUNNEL_KEY_ERSPAN_MAX + 1] = { 123 [NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX] = { .type = NLA_U32 }, 124 [NFTA_TUNNEL_KEY_ERSPAN_V2_DIR] = { .type = NLA_U8 }, 125 [NFTA_TUNNEL_KEY_ERSPAN_V2_HWID]= { .type = NLA_U8 }, 126 }; 127 128 static int
Re: [PATCH nf-next v10] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180802-001147 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-randconfig-ne0-08012247 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy': >> net/netfilter/nft_ct.c:899:3: error: implicit declaration of function >> 'nf_ct_untimeout' [-Werror=implicit-function-declaration] nf_ct_untimeout(ctx->net, priv->timeout); ^~~ cc1: some warnings being treated as errors vim +/nf_ct_untimeout +899 net/netfilter/nft_ct.c 888 889 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, 890 struct nft_object *obj) 891 { 892 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 893 894 nf_ct_tmpl_free(priv->tmpl); 895 896 if (refcount_dec_if_one(>timeout->refcnt)) { 897 nf_ct_l4proto_put(priv->timeout->l4proto); 898 list_del_rcu(>timeout->head); > 899 nf_ct_untimeout(ctx->net, priv->timeout); 900 } 901 } 902 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v10] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180802-001147 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: xtensa-allyesconfig (attached as .config) compiler: xtensa-linux-gcc (GCC) 8.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=8.1.0 make.cross ARCH=xtensa All errors (new ones prefixed by >>): net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy': >> net//netfilter/nft_ct.c:899:3: error: implicit declaration of function >> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'? >> [-Werror=implicit-function-declaration] nf_ct_untimeout(ctx->net, priv->timeout); ^~~ nf_ct_netns_put cc1: some warnings being treated as errors vim +899 net//netfilter/nft_ct.c 888 889 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, 890 struct nft_object *obj) 891 { 892 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 893 894 nf_ct_tmpl_free(priv->tmpl); 895 896 if (refcount_dec_if_one(>timeout->refcnt)) { 897 nf_ct_l4proto_put(priv->timeout->l4proto); 898 list_del_rcu(>timeout->head); > 899 nf_ct_untimeout(ctx->net, priv->timeout); 900 } 901 } 902 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 5/7] ./usr/include/linux/netfilter/nf_osf.h:73: userspace cannot reference function or variable defined in the kernel
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 4ed8eb6570a49931c705512060acd50058d61616 commit: f9324952088f1cd62ea4addf9ff532f1e6452a22 [5/7] netfilter: nfnetlink_osf: extract nfnetlink_subsystem code from xt_osf.c config: i386-randconfig-a1-07310851 (attached as .config) compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4 reproduce: git checkout f9324952088f1cd62ea4addf9ff532f1e6452a22 # save the attached .config to linux build tree make ARCH=i386 All warnings (new ones prefixed by >>): >> ./usr/include/linux/netfilter/nf_osf.h:73: userspace cannot reference >> function or variable defined in the kernel --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v9] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180724-145908 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: openrisc-allmodconfig (attached as .config) compiler: or1k-linux-gcc (GCC) 6.0.0 20160327 (experimental) reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=openrisc All errors (new ones prefixed by >>): net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy': >> net//netfilter/nft_ct.c:897:3: error: implicit declaration of function >> 'nf_ct_untimeout' [-Werror=implicit-function-declaration] nf_ct_untimeout(ctx->net, priv->timeout); ^~~ cc1: some warnings being treated as errors vim +/nf_ct_untimeout +897 net//netfilter/nft_ct.c 886 887 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, 888 struct nft_object *obj) 889 { 890 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 891 892 nf_ct_tmpl_free(priv->tmpl); 893 894 if (refcount_dec_if_one(>timeout->refcnt)) { 895 nf_ct_l4proto_put(priv->timeout->l4proto); 896 list_del_rcu(>timeout->head); > 897 nf_ct_untimeout(ctx->net, priv->timeout); 898 } 899 } 900 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v9] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180724-145908 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x077-201829 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy': >> net//netfilter/nft_ct.c:897:3: error: implicit declaration of function >> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'? >> [-Werror=implicit-function-declaration] nf_ct_untimeout(ctx->net, priv->timeout); ^~~ nf_ct_netns_put cc1: some warnings being treated as errors vim +897 net//netfilter/nft_ct.c 886 887 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, 888 struct nft_object *obj) 889 { 890 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 891 892 nf_ct_tmpl_free(priv->tmpl); 893 894 if (refcount_dec_if_one(>timeout->refcnt)) { 895 nf_ct_l4proto_put(priv->timeout->l4proto); 896 list_del_rcu(>timeout->head); > 897 nf_ct_untimeout(ctx->net, priv->timeout); 898 } 899 } 900 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next] netfilter: cttimeout: move ctnl_untimeout to nf_conntrack
Hi Harsha, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-cttimeout-move-ctnl_untimeout-to-nf_conntrack/20180714-095352 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_conntrack_timeout.c:38:62: sparse: incompatible types in >> comparison expression (different base types) vim +38 net/netfilter/nf_conntrack_timeout.c 33 34 static int untimeout(struct nf_conn *ct, void *timeout) 35 { 36 struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct); 37 > 38 if (timeout_ext && (!timeout || timeout_ext->timeout == timeout)) 39 RCU_INIT_POINTER(timeout_ext->timeout, NULL); 40 41 /* We are not intended to delete this conntrack. */ 42 return 0; 43 } 44 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next v7] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180714-095128 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> net/netfilter/nft_ct.c:1106:11: error: 'nft_ct_timeout_obj_eval' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'? .eval = nft_ct_timeout_obj_eval, ^~~ nft_ct_timeout_obj_ops >> net/netfilter/nft_ct.c:1107:11: error: 'nft_ct_timeout_obj_init' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'? .init = nft_ct_timeout_obj_init, ^~~ nft_ct_timeout_obj_eval >> net/netfilter/nft_ct.c:1108:13: error: 'nft_ct_timeout_obj_destroy' >> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .destroy = nft_ct_timeout_obj_destroy, ^~ nft_ct_timeout_obj_init >> net/netfilter/nft_ct.c:1109:11: error: 'nft_ct_timeout_obj_dump' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .dump = nft_ct_timeout_obj_dump, ^~~ nft_ct_timeout_obj_init vim +1106 net/netfilter/nft_ct.c 1101 1102 static struct nft_object_type nft_ct_timeout_obj_type; 1103 static const struct nft_object_ops nft_ct_timeout_obj_ops = { 1104 .type = _ct_timeout_obj_type, 1105 .size = sizeof(struct nft_ct_timeout_obj), > 1106 .eval = nft_ct_timeout_obj_eval, > 1107 .init = nft_ct_timeout_obj_init, > 1108 .destroy= nft_ct_timeout_obj_destroy, > 1109 .dump = nft_ct_timeout_obj_dump, 1110 }; --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next] netfilter: cttimeout: move ctnl_untimeout to nf_conntrack
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-cttimeout-move-ctnl_untimeout-to-nf_conntrack/20180714-095352 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x015-201827 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net//netfilter/nfnetlink_cttimeout.c: In function 'ctnl_timeout_try_del': >> net//netfilter/nfnetlink_cttimeout.c:312:3: error: implicit declaration of >> function 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'? >> [-Werror=implicit-function-declaration] nf_ct_untimeout(net, timeout); ^~~ nf_ct_netns_put cc1: some warnings being treated as errors vim +312 net//netfilter/nfnetlink_cttimeout.c 299 300 /* try to delete object, fail if it is still in use. */ 301 static int ctnl_timeout_try_del(struct net *net, struct ctnl_timeout *timeout) 302 { 303 int ret = 0; 304 305 /* We want to avoid races with ctnl_timeout_put. So only when the 306 * current refcnt is 1, we decrease it to 0. 307 */ 308 if (refcount_dec_if_one(>refcnt)) { 309 /* We are protected by nfnl mutex. */ 310 list_del_rcu(>head); 311 nf_ct_l4proto_put(timeout->l4proto); > 312 nf_ct_untimeout(net, timeout); 313 kfree_rcu(timeout, rcu_head); 314 } else { 315 ret = -EBUSY; 316 } 317 return ret; 318 } 319 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v7] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180714-095128 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x015-201827 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_destroy': >> net/netfilter/nft_ct.c:901:3: error: implicit declaration of function >> 'nf_ct_untimeout'; did you mean 'nf_ct_netns_put'? >> [-Werror=implicit-function-declaration] nf_ct_untimeout(ctx->net, priv->timeout); ^~~ nf_ct_netns_put cc1: some warnings being treated as errors vim +901 net/netfilter/nft_ct.c 890 891 static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, 892 struct nft_object *obj) 893 { 894 struct nft_ct_timeout_obj *priv = nft_obj_data(obj); 895 896 nf_ct_tmpl_free(priv->tmpl); 897 898 if (refcount_dec_if_one(>timeout->refcnt)) { 899 nf_ct_l4proto_put(priv->timeout->l4proto); 900 list_del_rcu(>timeout->head); > 901 nf_ct_untimeout(ctx->net, priv->timeout); 902 } 903 } 904 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 3/3] netfilter: nf_osf: add nf_osf_find()
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nf_osf-add-nf_osf_match_one/20180714-051307 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_osf.c:267:24: sparse: Using plain integer as NULL pointer vim +267 net/netfilter/nf_osf.c 251 252 const char *nf_osf_find(const struct sk_buff *skb, 253 const struct list_head *nf_osf_fingers) 254 { 255 const struct iphdr *ip = ip_hdr(skb); 256 const struct nf_osf_user_finger *f; 257 unsigned char opts[MAX_IPOPTLEN]; 258 const struct nf_osf_finger *kf; 259 struct nf_osf_hdr_ctx ctx; 260 const struct tcphdr *tcp; 261 const char *genre = NULL; 262 263 memset(, 0, sizeof(ctx)); 264 265 tcp = nf_osf_hdr_ctx_init(, skb, ip, opts); 266 if (!tcp) > 267 return false; 268 269 list_for_each_entry_rcu(kf, _osf_fingers[ctx.df], finger_entry) { 270 f = >finger; 271 if (!nf_osf_match_one(skb, f, -1, )) 272 continue; 273 274 genre = f->genre; 275 break; 276 } 277 278 return genre; 279 } 280 EXPORT_SYMBOL_GPL(nf_osf_find); 281 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 1/2 WIP nf-next] netfilter: implement Passive OS fingerprint module in nft_osf
Hi Fernando, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-implement-Passive-OS-fingerprint-module-in-nft_osf/20180712-203655 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: ia64-allmodconfig (attached as .config) compiler: ia64-linux-gcc (GCC) 8.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=8.1.0 make.cross ARCH=ia64 Note: the linux-review/Fernando-Fernandez-Mancera/netfilter-implement-Passive-OS-fingerprint-module-in-nft_osf/20180712-203655 HEAD da6169296e9d1fd467a0717ebcdd42305488927d builds fine. It only hurts bisectibility. All errors (new ones prefixed by >>): In file included from include/linux/netfilter/nf_osf.h:1, from net/netfilter/nft_osf.c:2: >> include/uapi/linux/netfilter/nf_osf.h:66:24: error: 'MAX_IPOPTLEN' >> undeclared here (not in a function); did you mean 'MAY_OPEN'? struct nf_osf_opt opt[MAX_IPOPTLEN]; ^~~~ MAY_OPEN >> include/uapi/linux/netfilter/nf_osf.h:71:17: error: field 'ip' has >> incomplete type struct iphdr ip; ^~ >> include/uapi/linux/netfilter/nf_osf.h:72:18: error: field 'tcp' has >> incomplete type struct tcphdr tcp; ^~~ >> net/netfilter/nft_osf.c:20:47: error: 'NFTA_OSF_MAX' undeclared here (not in >> a function); did you mean 'NFTA_OBJ_MAX'? static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = { ^~~~ NFTA_OBJ_MAX >> net/netfilter/nft_osf.c:21:3: error: 'NFTA_OSF_GENRE' undeclared here (not >> in a function); did you mean 'NF_OSF_GENRE'? [NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE }, ^~ NF_OSF_GENRE >> net/netfilter/nft_osf.c:21:3: error: array index in initializer not of >> integer type net/netfilter/nft_osf.c:21:3: note: (near initialization for 'nft_osf_policy') >> net/netfilter/nft_osf.c:21:23: error: field name not in record or union >> initializer [NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE }, ^ net/netfilter/nft_osf.c:21:23: note: (near initialization for 'nft_osf_policy') net/netfilter/nft_osf.c:21:43: error: field name not in record or union initializer [NFTA_OSF_GENRE] = { .type = NLA_STRING, .len = OSF_GENRE_SIZE }, ^ net/netfilter/nft_osf.c:21:43: note: (near initialization for 'nft_osf_policy') >> net/netfilter/nft_osf.c:22:3: error: 'NFTA_OSF_FLAGS' undeclared here (not >> in a function); did you mean 'NFTA_FIB_FLAGS'? [NFTA_OSF_FLAGS] = { .type = NLA_U32 }, ^~ NFTA_FIB_FLAGS net/netfilter/nft_osf.c:22:3: error: array index in initializer not of integer type net/netfilter/nft_osf.c:22:3: note: (near initialization for 'nft_osf_policy') net/netfilter/nft_osf.c:22:23: error: field name not in record or union initializer [NFTA_OSF_FLAGS] = { .type = NLA_U32 }, ^ net/netfilter/nft_osf.c:22:23: note: (near initialization for 'nft_osf_policy') >> net/netfilter/nft_osf.c:23:3: error: 'NFTA_OSF_LOGLEVEL' undeclared here >> (not in a function); did you mean 'NFTA_LOG_LEVEL'? [NFTA_OSF_LOGLEVEL] = { .type = NLA_U32 }, ^ NFTA_LOG_LEVEL net/netfilter/nft_osf.c:23:3: error: array index in initializer not of integer type net/netfilter/nft_osf.c:23:3: note: (near initialization for 'nft_osf_policy') net/netfilter/nft_osf.c:23:26: error: field name not in record or union initializer [NFTA_OSF_LOGLEVEL] = { .type = NLA_U32 }, ^ net/netfilter/nft_osf.c:23:26: note: (near initialization for 'nft_osf_policy') >> net/netfilter/nft_osf.c:24:3: error: 'NFTA_OSF_TTL' undeclared here (not in >> a function); did you mean 'NF_OSF_TTL'? [NFTA_OSF_TTL] = { .type = NLA_U32 }, ^~~~ NF_OSF_TTL net/netfilter/nft_osf.c:24:3: error: array index in initializer not of integer type net/netfilter/nft_osf.c:24:3: note: (near initialization for 'nft_osf_policy') net/netfilter/nft_osf.c:24:22: error: field name not in record or union initializer [NFTA_OSF_TTL] = { .type = NLA_U32 }, ^ net/netfilter/nft_osf.c:24:22: note: (near initialization for 'nft_osf_policy') net/netfilter/nft_osf.c:20:32: warning: 'nft_osf_policy' defined but not used [-Wunused-variable] static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = {
Re: [PATCH nf-next v6] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180706-074958 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-fedora-25 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): >> net/netfilter/nft_ct.c:1114:11: error: 'nft_ct_timeout_obj_eval' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'? .eval = nft_ct_timeout_obj_eval, ^~~ nft_ct_timeout_obj_ops >> net/netfilter/nft_ct.c:1115:11: error: 'nft_ct_timeout_obj_init' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'? .init = nft_ct_timeout_obj_init, ^~~ nft_ct_timeout_obj_eval >> net/netfilter/nft_ct.c:1116:13: error: 'nft_ct_timeout_obj_destroy' >> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .destroy = nft_ct_timeout_obj_destroy, ^~ nft_ct_timeout_obj_init >> net/netfilter/nft_ct.c:1117:11: error: 'nft_ct_timeout_obj_dump' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .dump = nft_ct_timeout_obj_dump, ^~~ nft_ct_timeout_obj_init vim +1114 net/netfilter/nft_ct.c 1109 1110 static struct nft_object_type nft_ct_timeout_obj_type; static const struct nft_object_ops nft_ct_timeout_obj_ops = { 1112 .type = _ct_timeout_obj_type, 1113 .size = sizeof(struct nft_ct_timeout_obj), > 1114 .eval = nft_ct_timeout_obj_eval, > 1115 .init = nft_ct_timeout_obj_init, > 1116 .destroy= nft_ct_timeout_obj_destroy, > 1117 .dump = nft_ct_timeout_obj_dump, 1118 }; 1119 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v5] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180706-001529 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x013-201826 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> net/netfilter/nft_ct.c:1115:11: error: 'nft_ct_timeout_obj_eval' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_ops'? .eval = nft_ct_timeout_obj_eval, ^~~ nft_ct_timeout_obj_ops >> net/netfilter/nft_ct.c:1116:11: error: 'nft_ct_timeout_obj_init' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_eval'? .init = nft_ct_timeout_obj_init, ^~~ nft_ct_timeout_obj_eval >> net/netfilter/nft_ct.c:1117:13: error: 'nft_ct_timeout_obj_destroy' >> undeclared here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .destroy = nft_ct_timeout_obj_destroy, ^~ nft_ct_timeout_obj_init >> net/netfilter/nft_ct.c:1118:11: error: 'nft_ct_timeout_obj_dump' undeclared >> here (not in a function); did you mean 'nft_ct_timeout_obj_init'? .dump = nft_ct_timeout_obj_dump, ^~~ nft_ct_timeout_obj_init vim +1115 net/netfilter/nft_ct.c 1110 static struct nft_object_type nft_ct_timeout_obj_type; 1112 static const struct nft_object_ops nft_ct_timeout_obj_ops = { 1113 .type = _ct_timeout_obj_type, 1114 .size = sizeof(struct nft_ct_timeout_obj), > 1115 .eval = nft_ct_timeout_obj_eval, > 1116 .init = nft_ct_timeout_obj_init, > 1117 .destroy= nft_ct_timeout_obj_destroy, > 1118 .dump = nft_ct_timeout_obj_dump, 1119 }; 1120 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 6/8] netfilter: conntrack: avoid l4proto pkt_to_tuple calls
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-remove-ctnetlink-callbacks-from-l3-protocol-trackers/20180629-053035 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_conntrack_core.c:281:34: sparse: cast to restricted __be16 >> net/netfilter/nf_conntrack_core.c:281:34: sparse: cast from restricted __be32 >> net/netfilter/nf_conntrack_core.c:282:42: sparse: restricted __be32 degrades >> to integer net/netfilter/nf_conntrack_core.c:282:34: sparse: cast to restricted __be16 net/netfilter/nf_conntrack_core.c:1998:9: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_core.c:2328:9: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_core.c:117:13: sparse: context imbalance in 'nf_conntrack_double_unlock' - unexpected unlock net/netfilter/nf_conntrack_core.c:127:13: sparse: context imbalance in 'nf_conntrack_double_lock' - wrong count at exit net/netfilter/nf_conntrack_core.c:157:9: sparse: context imbalance in 'nf_conntrack_all_lock' - wrong count at exit net/netfilter/nf_conntrack_core.c:168:13: sparse: context imbalance in 'nf_conntrack_all_unlock' - unexpected unlock net/netfilter/nf_conntrack_core.c:1825:28: sparse: context imbalance in 'get_next_corpse' - unexpected unlock vim +281 net/netfilter/nf_conntrack_core.c 224 225 static bool 226 nf_ct_get_tuple(const struct sk_buff *skb, 227 unsigned int nhoff, 228 unsigned int dataoff, 229 u_int16_t l3num, 230 u_int8_t protonum, 231 struct net *net, 232 struct nf_conntrack_tuple *tuple, 233 const struct nf_conntrack_l4proto *l4proto) 234 { 235 unsigned int size; 236 const __be32 *ap; 237 __be32 _addrs[8]; 238 239 memset(tuple, 0, sizeof(*tuple)); 240 241 tuple->src.l3num = l3num; 242 switch (l3num) { 243 case NFPROTO_IPV4: 244 nhoff += offsetof(struct iphdr, saddr); 245 size = 2 * sizeof(__be32); 246 break; 247 case NFPROTO_IPV6: 248 nhoff += offsetof(struct ipv6hdr, saddr); 249 size = sizeof(_addrs); 250 break; 251 default: 252 return true; 253 } 254 255 ap = skb_header_pointer(skb, nhoff, size, _addrs); 256 if (!ap) 257 return false; 258 259 switch (l3num) { 260 case NFPROTO_IPV4: 261 tuple->src.u3.ip = ap[0]; 262 tuple->dst.u3.ip = ap[1]; 263 break; 264 case NFPROTO_IPV6: 265 memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6)); 266 memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6)); 267 break; 268 } 269 270 tuple->dst.protonum = protonum; 271 tuple->dst.dir = IP_CT_DIR_ORIGINAL; 272 273 if (unlikely(l4proto->pkt_to_tuple)) 274 return l4proto->pkt_to_tuple(skb, dataoff, net, tuple); 275 276 /* Actually only need first 4 bytes to get ports. */ 277 ap = skb_header_pointer(skb, dataoff, sizeof(*ap), &_addrs); 278 if (ap == NULL) 279 return false; 280 > 281 tuple->src.u.udp.port = (__be16)*ap; > 282 tuple->dst.u.udp.port = (__be16)(*ap >> 16); 283 return true; 284 } 285 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 8/8] netfilter: conntrack: remove l3proto abstraction
Hi Florian, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-conntrack-remove-ctnetlink-callbacks-from-l3-protocol-trackers/20180629-053035 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-x070-201825 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All error/warnings (new ones prefixed by >>): net/netfilter/nf_conntrack_proto.c: In function 'nf_ct_netns_do_put': >> net/netfilter/nf_conntrack_proto.c:836:33: error: 'ipv6_conntrack_ops' >> undeclared (first use in this function); did you mean 'ipv4_conntrack_ops'? nf_unregister_net_hooks(net, ipv6_conntrack_ops, ^~ ipv4_conntrack_ops net/netfilter/nf_conntrack_proto.c:836:33: note: each undeclared identifier is reported only once for each function it appears in In file included from include/linux/kernel.h:15:0, from include/linux/skbuff.h:17, from include/linux/netfilter.h:6, from net/netfilter/nf_conntrack_proto.c:4: >> include/linux/build_bug.h:29:45: error: bit-field '' width not an >> integer constant #define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); })) ^ include/linux/compiler-gcc.h:65:28: note: in expansion of macro 'BUILD_BUG_ON_ZERO' #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) ^ include/linux/kernel.h:72:59: note: in expansion of macro '__must_be_array' #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) ^~~ >> net/netfilter/nf_conntrack_proto.c:837:7: note: in expansion of macro >> 'ARRAY_SIZE' ARRAY_SIZE(ipv6_conntrack_ops)); ^~ -- net//netfilter/nf_conntrack_proto.c: In function 'nf_ct_netns_do_put': net//netfilter/nf_conntrack_proto.c:836:33: error: 'ipv6_conntrack_ops' undeclared (first use in this function); did you mean 'ipv4_conntrack_ops'? nf_unregister_net_hooks(net, ipv6_conntrack_ops, ^~ ipv4_conntrack_ops net//netfilter/nf_conntrack_proto.c:836:33: note: each undeclared identifier is reported only once for each function it appears in In file included from include/linux/kernel.h:15:0, from include/linux/skbuff.h:17, from include/linux/netfilter.h:6, from net//netfilter/nf_conntrack_proto.c:4: >> include/linux/build_bug.h:29:45: error: bit-field '' width not an >> integer constant #define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:(-!!(e)); })) ^ include/linux/compiler-gcc.h:65:28: note: in expansion of macro 'BUILD_BUG_ON_ZERO' #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) ^ include/linux/kernel.h:72:59: note: in expansion of macro '__must_be_array' #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) ^~~ net//netfilter/nf_conntrack_proto.c:837:7: note: in expansion of macro 'ARRAY_SIZE' ARRAY_SIZE(ipv6_conntrack_ops)); ^~ vim +836 net/netfilter/nf_conntrack_proto.c 822 823 static void nf_ct_netns_do_put(struct net *net, u8 nfproto) 824 { 825 struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id); 826 827 mutex_lock(_ct_proto_mutex); 828 switch (nfproto) { 829 case NFPROTO_IPV4: 830 if (cnet->users4 && (--cnet->users4 == 0)) 831 nf_unregister_net_hooks(net, ipv4_conntrack_ops, 832 ARRAY_SIZE(ipv4_conntrack_ops)); 833 break; 834 case NFPROTO_IPV6: 835 if (cnet->users6 && (--cnet->users6 == 0)) > 836 nf_unregister_net_hooks(net, ipv6_conntrack_ops, > 837 > ARRAY_SIZE(ipv6_conntrack_ops)); 838 break; 839 } 840 841 mutex_unlock(_ct_proto_mutex); 842 } 843 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting
Hi John, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] [also build test WARNING on v4.18-rc2 next-20180625] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/John-Crispin/netfilter-nf_flow_table-add-conntrack-accounting/20180626-124429 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-allyesconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): In file included from include/linux/linkage.h:7:0, from include/linux/kernel.h:7, from net/netfilter/nf_flow_table_core.c:1: net/netfilter/nf_flow_table_core.c:170:19: error: 'nf_flow_table_acct' undeclared here (not in a function); did you mean 'nf_flow_table_init'? EXPORT_SYMBOL_GPL(nf_flow_table_acct); ^ include/linux/export.h:59:16: note: in definition of macro '___EXPORT_SYMBOL' extern typeof(sym) sym; \ ^~~ >> net/netfilter/nf_flow_table_core.c:170:1: note: in expansion of macro >> 'EXPORT_SYMBOL_GPL' EXPORT_SYMBOL_GPL(nf_flow_table_acct); ^ vim +/EXPORT_SYMBOL_GPL +170 net/netfilter/nf_flow_table_core.c > 1 #include 2 #include 3 #include 4 #include 5 #include 6 #include 7 #include 8 #include 9 #include 10 #include 11 #include 12 #include 13 #include 14 #include 15 16 struct flow_offload_entry { 17 struct flow_offload flow; 18 struct nf_conn *ct; 19 struct rcu_head rcu_head; 20 }; 21 22 static DEFINE_MUTEX(flowtable_lock); 23 static LIST_HEAD(flowtables); 24 25 static void 26 flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, 27struct nf_flow_route *route, 28enum flow_offload_tuple_dir dir) 29 { 30 struct flow_offload_tuple *ft = >tuplehash[dir].tuple; 31 struct nf_conntrack_tuple *ctt = >tuplehash[dir].tuple; 32 struct dst_entry *dst = route->tuple[dir].dst; 33 34 ft->dir = dir; 35 36 switch (ctt->src.l3num) { 37 case NFPROTO_IPV4: 38 ft->src_v4 = ctt->src.u3.in; 39 ft->dst_v4 = ctt->dst.u3.in; 40 ft->mtu = ip_dst_mtu_maybe_forward(dst, true); 41 break; 42 case NFPROTO_IPV6: 43 ft->src_v6 = ctt->src.u3.in6; 44 ft->dst_v6 = ctt->dst.u3.in6; 45 ft->mtu = ip6_dst_mtu_forward(dst); 46 break; 47 } 48 49 ft->l3proto = ctt->src.l3num; 50 ft->l4proto = ctt->dst.protonum; 51 ft->src_port = ctt->src.u.tcp.port; 52 ft->dst_port = ctt->dst.u.tcp.port; 53 54 ft->iifidx = route->tuple[dir].ifindex; 55 ft->oifidx = route->tuple[!dir].ifindex; 56 ft->dst_cache = dst; 57 } 58 59 struct flow_offload * 60 flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) 61 { 62 struct flow_offload_entry *entry; 63 struct flow_offload *flow; 64 65 if (unlikely(nf_ct_is_dying(ct) || 66 !atomic_inc_not_zero(>ct_general.use))) 67 return NULL; 68 69 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 70 if (!entry) 71 goto err_ct_refcnt; 72 73 flow = >flow; 74 75 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst)) 76 goto err_dst_cache_original; 77 78 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst)) 79 goto err_dst_cache_reply; 80 81 entry->ct = ct; 82 83 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL); 84 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY); 85 86 if (ct->status & IPS_SRC_NAT) 87 flow->flags |= FLOW_OFFLOAD_SNAT; 88 if (ct->status & IPS_DST_NAT) 89 flow->flags |= FLOW_OFFLOAD_DNAT; 90 91 return flow; 92 93 err_dst_cache_reply: 94 dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst); 95 err_dst_cache_original: 96 kfree(entry); 97 err_ct_refcnt: 98 nf_ct_put(ct); 99 100 return NULL; 101 } 102
Re: [PATCH] netfilter: nf_flow_table: add conntrack accounting
Hi John, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.18-rc2 next-20180625] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/John-Crispin/netfilter-nf_flow_table-add-conntrack-accounting/20180626-124429 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: xtensa-allyesconfig (attached as .config) compiler: xtensa-linux-gcc (GCC) 8.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=8.1.0 make.cross ARCH=xtensa All errors (new ones prefixed by >>): In file included from include/linux/linkage.h:7, from include/linux/kernel.h:7, from net/netfilter/nf_flow_table_core.c:1: >> net/netfilter/nf_flow_table_core.c:170:19: error: 'nf_flow_table_acct' >> undeclared here (not in a function); did you mean 'nf_flow_table_init'? EXPORT_SYMBOL_GPL(nf_flow_table_acct); ^~ include/linux/export.h:59:16: note: in definition of macro '___EXPORT_SYMBOL' extern typeof(sym) sym; \ ^~~ net/netfilter/nf_flow_table_core.c:170:1: note: in expansion of macro 'EXPORT_SYMBOL_GPL' EXPORT_SYMBOL_GPL(nf_flow_table_acct); ^ vim +170 net/netfilter/nf_flow_table_core.c > 1 #include 2 #include 3 #include 4 #include 5 #include 6 #include 7 #include 8 #include 9 #include 10 #include 11 #include 12 #include 13 #include 14 #include 15 16 struct flow_offload_entry { 17 struct flow_offload flow; 18 struct nf_conn *ct; 19 struct rcu_head rcu_head; 20 }; 21 22 static DEFINE_MUTEX(flowtable_lock); 23 static LIST_HEAD(flowtables); 24 25 static void 26 flow_offload_fill_dir(struct flow_offload *flow, struct nf_conn *ct, 27struct nf_flow_route *route, 28enum flow_offload_tuple_dir dir) 29 { 30 struct flow_offload_tuple *ft = >tuplehash[dir].tuple; 31 struct nf_conntrack_tuple *ctt = >tuplehash[dir].tuple; 32 struct dst_entry *dst = route->tuple[dir].dst; 33 34 ft->dir = dir; 35 36 switch (ctt->src.l3num) { 37 case NFPROTO_IPV4: 38 ft->src_v4 = ctt->src.u3.in; 39 ft->dst_v4 = ctt->dst.u3.in; 40 ft->mtu = ip_dst_mtu_maybe_forward(dst, true); 41 break; 42 case NFPROTO_IPV6: 43 ft->src_v6 = ctt->src.u3.in6; 44 ft->dst_v6 = ctt->dst.u3.in6; 45 ft->mtu = ip6_dst_mtu_forward(dst); 46 break; 47 } 48 49 ft->l3proto = ctt->src.l3num; 50 ft->l4proto = ctt->dst.protonum; 51 ft->src_port = ctt->src.u.tcp.port; 52 ft->dst_port = ctt->dst.u.tcp.port; 53 54 ft->iifidx = route->tuple[dir].ifindex; 55 ft->oifidx = route->tuple[!dir].ifindex; 56 ft->dst_cache = dst; 57 } 58 59 struct flow_offload * 60 flow_offload_alloc(struct nf_conn *ct, struct nf_flow_route *route) 61 { 62 struct flow_offload_entry *entry; 63 struct flow_offload *flow; 64 65 if (unlikely(nf_ct_is_dying(ct) || 66 !atomic_inc_not_zero(>ct_general.use))) 67 return NULL; 68 69 entry = kzalloc(sizeof(*entry), GFP_ATOMIC); 70 if (!entry) 71 goto err_ct_refcnt; 72 73 flow = >flow; 74 75 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst)) 76 goto err_dst_cache_original; 77 78 if (!dst_hold_safe(route->tuple[FLOW_OFFLOAD_DIR_REPLY].dst)) 79 goto err_dst_cache_reply; 80 81 entry->ct = ct; 82 83 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_ORIGINAL); 84 flow_offload_fill_dir(flow, ct, route, FLOW_OFFLOAD_DIR_REPLY); 85 86 if (ct->status & IPS_SRC_NAT) 87 flow->flags |= FLOW_OFFLOAD_SNAT; 88 if (ct->status & IPS_DST_NAT) 89 flow->flags |= FLOW_OFFLOAD_DNAT; 90 91 return flow; 92 93 err_dst_cache_reply: 94 dst_release(route->tuple[FLOW_OFFLOAD_DIR_ORIGINAL].dst); 95 err_dst_cache_original: 96
Re: [PATCH nf-next] netfilter: Add native tproxy support for nf_tables
Hi MĂ¡tĂ©, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-Add-native-tproxy-support-for-nf_tables/20180620-222749 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: ia64-allmodconfig (attached as .config) compiler: ia64-linux-gcc (GCC) 8.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=8.1.0 make.cross ARCH=ia64 All errors (new ones prefixed by >>): net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v4': >> net/netfilter/nft_tproxy.c:65:3: error: implicit declaration of function >> 'nf_tproxy_assign_sock'; did you mean 'nf_tproxy_get_sock_v6'? >> [-Werror=implicit-function-declaration] nf_tproxy_assign_sock(skb, sk); ^ nf_tproxy_get_sock_v6 cc1: some warnings being treated as errors vim +65 net/netfilter/nft_tproxy.c 16 17 static void nft_tproxy_eval_v4(const struct nft_expr *expr, 18 struct nft_regs *regs, 19 const struct nft_pktinfo *pkt) 20 { 21 const struct nft_tproxy *priv = nft_expr_priv(expr); 22 struct sk_buff *skb = pkt->skb; 23 struct sock *sk = skb->sk; 24 const struct iphdr *iph = ip_hdr(skb); 25 struct udphdr _hdr, *hp; 26 __be32 taddr = 0; 27 __be16 tport = 0; 28 29 hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr), &_hdr); 30 if (!hp) 31 regs->verdict.code = NFT_BREAK; 32 33 /* check if there's an ongoing connection on the packet 34 * addresses, this happens if the redirect already happened 35 * and the current packet belongs to an already established 36 * connection */ 37 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol, 38 iph->saddr, iph->daddr, 39 hp->source, hp->dest, 40 skb->dev, NF_TPROXY_LOOKUP_ESTABLISHED); 41 42 if (priv->sreg_addr) 43 taddr = regs->data[priv->sreg_addr]; 44 taddr = nf_tproxy_laddr4(skb, taddr, iph->daddr); 45 46 if (priv->sreg_port) { 47 tport = regs->data[priv->sreg_port]; 48 } 49 if (!tport) 50 tport = hp->dest; 51 52 /* UDP has no TCP_TIME_WAIT state, so we never enter here */ 53 if (sk && sk->sk_state == TCP_TIME_WAIT) 54 /* reopening a TIME_WAIT connection needs special handling */ 55 sk = nf_tproxy_handle_time_wait4(nft_net(pkt), skb, taddr, tport, sk); 56 else if (!sk) 57 /* no, there's no established connection, check if 58 * there's a listener on the redirected addr/port */ 59 sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol, 60 iph->saddr, taddr, 61 hp->source, tport, 62 skb->dev, NF_TPROXY_LOOKUP_LISTENER); 63 64 if (sk && nf_tproxy_sk_is_transparent(sk)) { > 65 nf_tproxy_assign_sock(skb, sk); 66 } 67 } 68 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180612-061838 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-randconfig-s0-06120905 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): In file included from include/linux/kernel.h:10:0, from net//netfilter/nft_ct.c:12: net//netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy': net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? if (!l4proto->ctnl_timeout.nlattr_to_obj) ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if' if (!l4proto->ctnl_timeout.nlattr_to_obj) ^~ net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? if (!l4proto->ctnl_timeout.nlattr_to_obj) ^ include/linux/compiler.h:58:42: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if' if (!l4proto->ctnl_timeout.nlattr_to_obj) ^~ net//netfilter/nft_ct.c:783:14: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? if (!l4proto->ctnl_timeout.nlattr_to_obj) ^ include/linux/compiler.h:69:16: note: in definition of macro '__trace_if' __r = !!(cond); \ ^~~~ >> net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'if' if (!l4proto->ctnl_timeout.nlattr_to_obj) ^~ net//netfilter/nft_ct.c:786:22: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb), ^~ net//netfilter/nft_ct.c:792:36: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max, ^~ net//netfilter/nft_ct.c:793:24: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? attr, l4proto->ctnl_timeout.nla_policy, ^~ net//netfilter/nft_ct.c:798:15: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts); ^~ net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init': net//netfilter/nft_ct.c:850:26: error: 'struct net' has no member named 'nfct_timeout_list' INIT_LIST_HEAD(>net->nfct_timeout_list); ^~ In file included from net//netfilter/nft_ct.c:12:0: net//netfilter/nft_ct.c:851:40: error: 'struct net' has no member named 'nfct_timeout_list' list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/kernel.h:961:26: note: in definition of macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~ include/linux/list.h:377:2: note: in expansion of macro 'list_entry' list_entry((ptr)->next, type, member) ^~ include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry' for (pos = list_first_entry(head, typeof(*pos), member); \ ^~~~ net//netfilter/nft_ct.c:851:2: note: in expansion of macro 'list_for_each_entry' list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^~~ In file included from include/linux/kernel.h:10:0, from net//netfilter/nft_ct.c:12: net//netfilter/nft_ct.c:851:40: error: 'struct net' has no member named 'nfct_timeout_list' list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/compiler.h:316:19: note: in definition of macro '__compiletime_assert' bool __cond = !(condition);\ ^ include/linux/compiler.h:339:2: note: in expansion of macro '_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ^~~
Re: [PATCH nf-next v4] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180612-061838 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: m68k-sun3_defconfig (attached as .config) compiler: m68k-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree GCC_VERSION=7.2.0 make.cross ARCH=m68k All errors (new ones prefixed by >>): net/netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy': net/netfilter/nft_ct.c:783:16: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? if (!l4proto->ctnl_timeout.nlattr_to_obj) ^~~~ get_timeouts net/netfilter/nft_ct.c:786:24: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb), ^~~~ get_timeouts net/netfilter/nft_ct.c:792:38: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max, ^~~~ get_timeouts net/netfilter/nft_ct.c:793:26: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? attr, l4proto->ctnl_timeout.nla_policy, ^~~~ get_timeouts net/netfilter/nft_ct.c:798:17: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts); ^~~~ get_timeouts net/netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init': >> net/netfilter/nft_ct.c:850:28: error: 'struct net' has no member named >> 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? INIT_LIST_HEAD(>net->nfct_timeout_list); ^ nfnl_acct_list In file included from net/netfilter/nft_ct.c:12:0: net/netfilter/nft_ct.c:851:42: error: 'struct net' has no member named 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/kernel.h:961:26: note: in definition of macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~ include/linux/list.h:377:2: note: in expansion of macro 'list_entry' list_entry((ptr)->next, type, member) ^~ include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry' for (pos = list_first_entry(head, typeof(*pos), member); \ ^~~~ net/netfilter/nft_ct.c:851:2: note: in expansion of macro 'list_for_each_entry' list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^~~ In file included from include/linux/kernel.h:10:0, from net/netfilter/nft_ct.c:12: net/netfilter/nft_ct.c:851:42: error: 'struct net' has no member named 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/compiler.h:316:19: note: in definition of macro '__compiletime_assert' bool __cond = !(condition);\ ^ include/linux/compiler.h:339:2: note: in expansion of macro '_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ^~~ include/linux/build_bug.h:45:37: note: in expansion of macro 'compiletime_assert' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^~ include/linux/kernel.h:962:2: note: in expansion of macro 'BUILD_BUG_ON_MSG' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^~~~ include/linux/kernel.h:962:20: note: in expansion of macro '__same_type' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^~~ include/linux/list.h:366:2: note: in expansion of macro 'container_of' container_of(ptr, type, member) ^~~~ include/linux/list.h:377:2: note: in expansion of macro 'list_entry' list_entry((ptr)->next, type, member) ^~
Re: [PATCH v3 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-094951 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-allyesconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from net//netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to incomplete type 'struct sock' switch (sk->sk_state) { ^~ include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'? case TCP_TIME_WAIT: ^ BPF_TCP_TIME_WAIT include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is reported only once for each function it appears in >> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of >> function 'inet_twsk'; did you mean 'idle_task'? >> [-Werror=implicit-function-declaration] return inet_twsk(sk)->tw_transparent; ^ idle_task include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of '->' (have 'int') return inet_twsk(sk)->tw_transparent; ^~ include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'? case TCP_NEW_SYN_RECV: ^~~~ BPF_TCP_NEW_SYN_RECV >> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of >> function 'inet_rsk'; did you mean 'net_eq'? >> [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ net_eq include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of function 'inet_reqsk'; did you mean 'net_eq'? [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ net_eq include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of '->' (have 'int') return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ >> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of >> function 'inet_sk'; did you mean 'net_eq'? >> [-Werror=implicit-function-declaration] return inet_sk(sk)->transparent; ^~~ net_eq include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of '->' (have 'int') return inet_sk(sk)->transparent; ^~ In file included from include/net/inet_sock.h:27:0, from net//netfilter/nft_socket.c:8: include/net/request_sock.h: At top level: include/net/request_sock.h:72:100: error: conflicting types for 'inet_reqsk' static inline struct request_sock *inet_reqsk(const struct sock *sk) ^ In file included from net//netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration of 'inet_reqsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ In file included from net//netfilter/nft_socket.c:8:0: include/net/inet_sock.h:107:105: error: conflicting types for 'inet_rsk' static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) ^ In file included from net//netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration of 'inet_rsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ In file included from net//netfilter/nft_socket.c:8:0: include/net/inet_sock.h:273:97: error: conflicting types for 'inet_sk' static inline struct inet_sock *inet_sk(const struct sock *sk) ^ In file included from net//netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration of 'inet_sk' was here return inet_sk(sk)->transparent; ^~~ include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ cc1: some warnings being treated as errors vim +14
Re: [PATCH v3 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-094951 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: openrisc-allyesconfig (attached as .config) compiler: or1k-linux-gcc (GCC) 6.0.0 20160327 (experimental) reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=openrisc All errors (new ones prefixed by >>): In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to incomplete type 'struct sock' switch (sk->sk_state) { ^~ >> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared >> (first use in this function) case TCP_TIME_WAIT: ^ include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is reported only once for each function it appears in >> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of >> function 'inet_twsk' [-Werror=implicit-function-declaration] return inet_twsk(sk)->tw_transparent; ^ include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of '->' (have 'int') return inet_twsk(sk)->tw_transparent; ^~ >> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared >> (first use in this function) case TCP_NEW_SYN_RECV: ^~~~ >> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of >> function 'inet_rsk' [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ >> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of >> function 'inet_reqsk' [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of '->' (have 'int') return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ >> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of >> function 'inet_sk' [-Werror=implicit-function-declaration] return inet_sk(sk)->transparent; ^~~ include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of '->' (have 'int') return inet_sk(sk)->transparent; ^~ In file included from include/net/inet_sock.h:27:0, from net/netfilter/nft_socket.c:8: include/net/request_sock.h: At top level: include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk' static inline struct request_sock *inet_reqsk(const struct sock *sk) ^~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration of 'inet_reqsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ In file included from net/netfilter/nft_socket.c:8:0: include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk' static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) ^~~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration of 'inet_rsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ In file included from net/netfilter/nft_socket.c:8:0: include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk' static inline struct inet_sock *inet_sk(const struct sock *sk) ^~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration of 'inet_sk' was here return inet_sk(sk)->transparent; ^~~ include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ cc1: some warnings being treated as errors vim +/TCP_TIME_WAIT +13 include/net/netfilter/nf_socket.h 8db4c5be Pablo Neira Ayuso 2016-10-27 9 8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool nf_sk_is_transparent(struct sock *sk) 8db4c5be Pablo Neira Ayuso 2016-10-27 11 { 8db4c5be Pablo Neira Ayuso 2016-10-27 @12 switch (sk->sk_state) { 8db4c5be Pablo Neira Ayuso 2016-10-27 @13
Re: [PATCH nf-next,v2] netfilter: nft_fwd_netdev: allow to forward packets via neighbour layer
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf/master] [also build test WARNING on v4.17-rc7 next-20180531] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-nft_fwd_netdev-allow-to-forward-packets-via-neighbour-layer/20180601-093630 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 Note: it may well be a FALSE warning. FWIW you are at least aware of it now. http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings All warnings (new ones prefixed by >>): net/netfilter/nft_fwd_netdev.c: In function 'nft_fwd_neigh_eval': >> net/netfilter/nft_fwd_netdev.c:130:2: warning: 'neigh_table' may be used >> uninitialized in this function [-Wmaybe-uninitialized] neigh_xmit(neigh_table, dev, addr, skb); ^~~ vim +/neigh_table +130 net/netfilter/nft_fwd_netdev.c 76 77 static void nft_fwd_neigh_eval(const struct nft_expr *expr, 78struct nft_regs *regs, 79const struct nft_pktinfo *pkt) 80 { 81 struct nft_fwd_neigh *priv = nft_expr_priv(expr); 82 void *addr = >data[priv->sreg_addr]; 83 int oif = regs->data[priv->sreg_dev]; 84 unsigned int verdict = NF_STOLEN; 85 struct sk_buff *skb = pkt->skb; 86 struct net_device *dev; 87 int neigh_table; 88 89 dev = dev_get_by_index_rcu(nft_net(pkt), oif); 90 if (dev == NULL) 91 return; 92 93 skb->dev = dev; 94 95 switch (priv->nfproto) { 96 case NFPROTO_IPV4: { 97 struct iphdr *iph; 98 99 if (skb->protocol != htons(ETH_P_IP)) { 100 verdict = NFT_BREAK; 101 goto out; 102 } 103 if (skb_try_make_writable(skb, sizeof(*iph))) { 104 verdict = NF_DROP; 105 goto out; 106 } 107 iph = ip_hdr(skb); 108 ip_decrease_ttl(iph); 109 neigh_table = NEIGH_ARP_TABLE; 110 break; 111 } 112 case NFPROTO_IPV6: { 113 struct ipv6hdr *ip6h; 114 115 if (skb->protocol != htons(ETH_P_IPV6)) { 116 verdict = NFT_BREAK; 117 goto out; 118 } 119 if (skb_try_make_writable(skb, sizeof(*ip6h))) { 120 verdict = NF_DROP; 121 goto out; 122 } 123 ip6h = ipv6_hdr(skb); 124 ip6h->hop_limit--; 125 neigh_table = NEIGH_ND_TABLE; 126 break; 127 } 128 } 129 > 130 neigh_xmit(neigh_table, dev, addr, skb); 131 out: 132 regs->verdict.code = verdict; 133 } 134 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v2 nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180601-080238 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': >> include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to >> incomplete type 'struct sock' switch (sk->sk_state) { ^~ >> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared >> (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'? case TCP_TIME_WAIT: ^ BPF_TCP_TIME_WAIT include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is reported only once for each function it appears in >> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of >> function 'inet_twsk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_twsk(sk)->tw_transparent; ^ in_task >> include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of >> '->' (have 'int') return inet_twsk(sk)->tw_transparent; ^~ >> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared >> (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'? case TCP_NEW_SYN_RECV: ^~~~ BPF_TCP_NEW_SYN_RECV >> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of >> function 'inet_rsk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ in_task >> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of >> function 'inet_reqsk'; did you mean 'net_eq'? >> [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ net_eq include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of '->' (have 'int') return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ >> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of >> function 'inet_sk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_sk(sk)->transparent; ^~~ in_task include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of '->' (have 'int') return inet_sk(sk)->transparent; ^~ In file included from include/net/inet_sock.h:27:0, from net/netfilter/nft_socket.c:8: include/net/request_sock.h: At top level: >> include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk' static inline struct request_sock *inet_reqsk(const struct sock *sk) ^~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration of 'inet_reqsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ In file included from net/netfilter/nft_socket.c:8:0: >> include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk' static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) ^~~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration of 'inet_rsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ In file included from net/netfilter/nft_socket.c:8:0: >> include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk' static inline struct inet_sock *inet_sk(const struct sock *sk) ^~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration of 'inet_sk' was here return inet_sk(sk)->transparent; ^~~ include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ cc1: some warnings being treated as errors vim +12 include/net/netfilter/nf_socket.h 8db4c5be Pablo Neira Ayuso 2016-10-27 9 8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool nf_sk_is_transparent(struct sock *sk) 8db4c5be Pablo
Re: [PATCH nf-next 2/8] netfilter: nf_tables: nf_tables_gettable: use call_rcu
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-make-get-and-dump-operations-lockless/20180529-071211 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_tables_api.c:1193:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1193:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1193:31:got void * net/netfilter/nf_tables_api.c:1196:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1196:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1196:31:got void * net/netfilter/nf_tables_api.c:1200:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1200:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1200:31:got void * net/netfilter/nf_tables_api.c:1223:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1223:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1472:23: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats *stats @@got struct nft_stats struct nft_stats *stats @@ net/netfilter/nf_tables_api.c:1480:29: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:1484:38: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats [noderef] *stats @@got [noderef] *stats @@ net/netfilter/nf_tables_api.c:1498:37: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:2772:16: sparse: incorrect type in return expression (different base types) @@expected unsigned long long @@got restricted unsigned long long @@ net/netfilter/nf_tables_api.c:2822:47: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3481:47: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3495:55: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ >> include/linux/rcupdate.h:686:9: sparse: context imbalance in >> 'nft_netlink_dump_start_rcu' - unexpected unlock vim +/nft_netlink_dump_start_rcu +686 include/linux/rcupdate.h ^1da177e4 Linus Torvalds 2005-04-16 636 ^1da177e4 Linus Torvalds 2005-04-16 637 /* ^1da177e4 Linus Torvalds 2005-04-16 638 * So where is rcu_write_lock()? It does not exist, as there is no ^1da177e4 Linus Torvalds 2005-04-16 639 * way for writers to lock out RCU readers. This is a feature, not ^1da177e4 Linus Torvalds 2005-04-16 640 * a bug -- this property is what provides RCU's performance benefits. ^1da177e4 Linus Torvalds 2005-04-16 641 * Of course, writers must coordinate with each other. The normal ^1da177e4 Linus Torvalds 2005-04-16 642 * spinlock primitives work well for this, but any other technique may be ^1da177e4 Linus Torvalds 2005-04-16 643 * used as well. RCU does not care how the writers keep out of each ^1da177e4 Linus Torvalds 2005-04-16 644 * others' way, as long as they do so. ^1da177e4 Linus Torvalds 2005-04-16 645 */ 3d76c0829 Paul E. McKenney 2009-09-28 646 3d76c0829 Paul E. McKenney 2009-09-28 647 /** ca5ecddfa Paul E. McKenney 2010-04-28 648 * rcu_read_unlock() - marks the end of an RCU read-side critical section. 3d76c0829 Paul E. McKenney 2009-09-28 649 * f27bc4873 Paul E. McKenney 2014-05-04 650 * In most situations, rcu_read_unlock() is immune from deadlock. f27bc4873 Paul E. McKenney 2014-05-04 651 * However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock() f27bc4873 Paul E. McKenney 2014-05-04 652 * is responsible for deboosting, which it does via rt_mutex_unlock(). f27bc4873 Paul E. McKenney 2014-05-04 653 * Unfortunately, this function acquires the scheduler's runqueue and f27bc4873 Paul E.
[RFC PATCH] netfilter: nft: nft_socket_type can be static
Fixes: 809f719f9b3f ("netfilter: nft: add support for native socket matching") Signed-off-by: kbuild test robot --- nft_socket.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c index 5eb1069..3429a2e 100644 --- a/net/netfilter/nft_socket.c +++ b/net/netfilter/nft_socket.c @@ -108,7 +108,7 @@ static int nft_socket_dump(struct sk_buff *skb, return 0; } -struct nft_expr_type nft_socket_type; +static struct nft_expr_type nft_socket_type; static const struct nft_expr_ops nft_socket_ops = { .type = _socket_type, .size = NFT_EXPR_SIZE(sizeof(struct nft_socket)), -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180529-064304 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) include/net/netfilter/nf_socket.h:12:19: sparse: no member 'sk_state' in struct sock include/net/netfilter/nf_socket.h:13:14: sparse: undefined identifier 'TCP_TIME_WAIT' include/net/netfilter/nf_socket.h:14:24: sparse: undefined identifier 'inet_twsk' include/net/netfilter/nf_socket.h:15:14: sparse: undefined identifier 'TCP_NEW_SYN_RECV' include/net/netfilter/nf_socket.h:16:24: sparse: undefined identifier 'inet_rsk' include/net/netfilter/nf_socket.h:18:24: sparse: undefined identifier 'inet_sk' >> include/net/netfilter/nf_socket.h:13:14: sparse: incompatible types for >> 'case' statement include/net/netfilter/nf_socket.h:15:14: sparse: incompatible types for 'case' statement >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:85:21: sparse: cast to restricted __be32 >> net/netfilter/nft_socket.c:104:47: sparse: incorrect type in argument 3 >> (different base types) @@expected unsigned int [unsigned] [usertype] >> value @@got ed int [unsigned] [usertype] value @@ net/netfilter/nft_socket.c:104:47:expected unsigned int [unsigned] [usertype] value net/netfilter/nft_socket.c:104:47:got restricted __be32 [usertype] >> net/netfilter/nft_socket.c:111:22: sparse: symbol 'nft_socket_type' was not >> declared. Should it be static? include/net/netfilter/nf_socket.h:13:14: sparse: Expected constant expression in case statement include/net/netfilter/nf_socket.h:15:14: sparse: Expected constant expression in case statement In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to incomplete type 'struct sock' switch (sk->sk_state) { ^~ include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'? case TCP_TIME_WAIT: ^ BPF_TCP_TIME_WAIT include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is reported only once for each function it appears in include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of function 'inet_twsk'; did you mean 'in_task'? [-Werror=implicit-function-declaration] return inet_twsk(sk)->tw_transparent; ^ in_task include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of '->' (have 'int') return inet_twsk(sk)->tw_transparent; ^~ include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'? case TCP_NEW_SYN_RECV: ^~~~ BPF_TCP_NEW_SYN_RECV include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of function 'inet_rsk'; did you mean 'in_task'? [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ in_task include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of function 'inet_reqsk'; did you mean 'net_eq'? [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ net_eq include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of '->' (have 'int') return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of function 'inet_sk'; did you mean 'in_task'? [-Werror=implicit-function-declaration] return inet_sk(sk)->transparent; ^~~ in_task include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of '->' (have 'int') return inet_sk(sk)->transparent; ^~ In file included from include/net/inet_sock.h:27:0, from net/netfilter/nft_socket.c:8: include/net/request_sock.h: At top level: include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk' static inline struct
Re: [PATCH nf-next] netfilter: nft: add support for native socket matching
Hi MĂ¡tĂ©, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/M-t-Eckl/netfilter-nft-add-support-for-native-socket-matching/20180529-064304 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All error/warnings (new ones prefixed by >>): In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': >> include/net/netfilter/nf_socket.h:12:12: error: dereferencing pointer to >> incomplete type 'struct sock' switch (sk->sk_state) { ^~ >> include/net/netfilter/nf_socket.h:13:7: error: 'TCP_TIME_WAIT' undeclared >> (first use in this function); did you mean 'BPF_TCP_TIME_WAIT'? case TCP_TIME_WAIT: ^ BPF_TCP_TIME_WAIT include/net/netfilter/nf_socket.h:13:7: note: each undeclared identifier is reported only once for each function it appears in >> include/net/netfilter/nf_socket.h:14:10: error: implicit declaration of >> function 'inet_twsk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_twsk(sk)->tw_transparent; ^ in_task >> include/net/netfilter/nf_socket.h:14:23: error: invalid type argument of >> '->' (have 'int') return inet_twsk(sk)->tw_transparent; ^~ >> include/net/netfilter/nf_socket.h:15:7: error: 'TCP_NEW_SYN_RECV' undeclared >> (first use in this function); did you mean 'BPF_TCP_NEW_SYN_RECV'? case TCP_NEW_SYN_RECV: ^~~~ BPF_TCP_NEW_SYN_RECV >> include/net/netfilter/nf_socket.h:16:10: error: implicit declaration of >> function 'inet_rsk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ in_task >> include/net/netfilter/nf_socket.h:16:19: error: implicit declaration of >> function 'inet_reqsk'; did you mean 'net_eq'? >> [-Werror=implicit-function-declaration] return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ net_eq include/net/netfilter/nf_socket.h:16:34: error: invalid type argument of '->' (have 'int') return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ >> include/net/netfilter/nf_socket.h:18:10: error: implicit declaration of >> function 'inet_sk'; did you mean 'in_task'? >> [-Werror=implicit-function-declaration] return inet_sk(sk)->transparent; ^~~ in_task include/net/netfilter/nf_socket.h:18:21: error: invalid type argument of '->' (have 'int') return inet_sk(sk)->transparent; ^~ In file included from include/net/inet_sock.h:27:0, from net/netfilter/nft_socket.c:8: include/net/request_sock.h: At top level: >> include/net/request_sock.h:72:36: error: conflicting types for 'inet_reqsk' static inline struct request_sock *inet_reqsk(const struct sock *sk) ^~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:19: note: previous implicit declaration of 'inet_reqsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~ In file included from net/netfilter/nft_socket.c:8:0: >> include/net/inet_sock.h:107:41: error: conflicting types for 'inet_rsk' static inline struct inet_request_sock *inet_rsk(const struct request_sock *sk) ^~~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:16:10: note: previous implicit declaration of 'inet_rsk' was here return inet_rsk(inet_reqsk(sk))->no_srccheck; ^~~~ In file included from net/netfilter/nft_socket.c:8:0: >> include/net/inet_sock.h:273:33: error: conflicting types for 'inet_sk' static inline struct inet_sock *inet_sk(const struct sock *sk) ^~~ In file included from net/netfilter/nft_socket.c:7:0: include/net/netfilter/nf_socket.h:18:10: note: previous implicit declaration of 'inet_sk' was here return inet_sk(sk)->transparent; ^~~ include/net/netfilter/nf_socket.h: In function 'nf_sk_is_transparent': >> include/net/netfilter/nf_socket.h:20:1: warning: control reaches end of >> non-void function [-Wreturn-type] } ^ cc1: some warnings being treated as errors vim +12 include/net/netfilter/nf_socket.h 8db4c5be Pablo Neira Ayuso 2016-10-27 9 8db4c5be Pablo Neira Ayuso 2016-10-27 10 static inline bool nf_sk_is_transparent(struct sock *sk)
Re: [PATCH net-next 2/2] ipvs: add ipv6 support to ftp
Hi Julian, I love your patch! Perhaps something to improve: [auto build test WARNING on net-next/master] url: https://github.com/0day-ci/linux/commits/Julian-Anastasov/Add-IPv6-support-to-IPVS-FTP-NAT/20180525-153345 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/ipvs/ip_vs_ftp.c:399:24: sparse: Using plain integer as NULL >> pointer net/netfilter/ipvs/ip_vs_ftp.c:533:24: sparse: Using plain integer as NULL pointer vim +399 net/netfilter/ipvs/ip_vs_ftp.c 239 240 /* Look at outgoing ftp packets to catch the response to a PASV/EPSV command 241 * from the server (inside-to-outside). 242 * When we see one, we build a connection entry with the client address, 243 * client port 0 (unknown at the moment), the server address and the 244 * server port. Mark the current connection entry as a control channel 245 * of the new entry. All this work is just to make the data connection 246 * can be scheduled to the right server later. 247 * 248 * The outgoing packet should be something like 249 * "227 Entering Passive Mode (xxx,xxx,xxx,xxx,ppp,ppp)". 250 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. 251 * The extended format for EPSV response provides usually only port: 252 * "229 Entering Extended Passive Mode (|||ppp|)" 253 */ 254 static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 255 struct sk_buff *skb, int *diff, 256 struct ip_vs_iphdr *ipvsh) 257 { 258 char *data, *data_limit; 259 char *start, *end; 260 union nf_inet_addr from; 261 __be16 port; 262 struct ip_vs_conn *n_cp; 263 char buf[24]; /* xxx.xxx.xxx.xxx,ppp,ppp\000 */ 264 unsigned int buf_len; 265 int ret = 0; 266 enum ip_conntrack_info ctinfo; 267 struct nf_conn *ct; 268 269 *diff = 0; 270 271 /* Only useful for established sessions */ 272 if (cp->state != IP_VS_TCP_S_ESTABLISHED) 273 return 1; 274 275 /* Linear packets are much easier to deal with. */ 276 if (!skb_make_writable(skb, skb->len)) 277 return 0; 278 279 if (cp->app_data == (void *) IP_VS_FTP_PASV) { 280 data = ip_vs_ftp_data_ptr(skb, ipvsh); 281 data_limit = skb_tail_pointer(skb); 282 283 if (!data || data >= data_limit) 284 return 1; 285 286 if (ip_vs_ftp_get_addrport(data, data_limit, 287 SERVER_STRING_PASV, 288 sizeof(SERVER_STRING_PASV)-1, 289 '(', false, IP_VS_FTP_PASV, 290 , , cp->af, 291 , ) != 1) 292 return 1; 293 294 IP_VS_DBG(7, "PASV response (%pI4:%u) -> %pI4:%u detected\n", 295, ntohs(port), >caddr.ip, 0); 296 } else if (cp->app_data == (void *) IP_VS_FTP_EPSV) { 297 data = ip_vs_ftp_data_ptr(skb, ipvsh); 298 data_limit = skb_tail_pointer(skb); 299 300 if (!data || data >= data_limit) 301 return 1; 302 303 /* Usually, data address is not specified but 304 * we support different address, so pre-set it. 305 */ 306 from = cp->daddr; 307 if (ip_vs_ftp_get_addrport(data, data_limit, 308 SERVER_STRING_EPSV, 309 sizeof(SERVER_STRING_EPSV)-1, 310 '(', true, IP_VS_FTP_EPSV, 311 , , cp->af, 312 , ) != 1) 313 return 1; 314 315 IP_VS_DBG_BUF(7, "EPSV response (%s:%u) -> %s:%u detected\n", 316IP_VS_DBG_ADDR(cp->af, ), ntohs(port), 317IP_VS_DBG_ADDR(cp->af, >caddr), 0); 318 } else { 319 return 1; 320 } 321 322 /* Now update or create a connection entry for it */ 323 { 324 struct ip_vs_conn_param p; 325 326 ip_vs_conn_fill_param(cp->ipvs, cp->af, 327
[PATCH] netfilter: nft_numgen: fix ptr_ret.cocci warnings
From: kbuild test robot <fengguang...@intel.com> net/netfilter/nft_numgen.c:117:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Fixes: d734a2888922 ("netfilter: nft_numgen: add map lookups for numgen statements") CC: Laura Garcia Liebana <nev...@gmail.com> Signed-off-by: kbuild test robot <fengguang...@intel.com> --- nft_numgen.c |5 + 1 file changed, 1 insertion(+), 4 deletions(-) --- a/net/netfilter/nft_numgen.c +++ b/net/netfilter/nft_numgen.c @@ -114,10 +114,7 @@ static int nft_ng_inc_map_init(const str tb[NFTA_NG_SET_NAME], tb[NFTA_NG_SET_ID], genmask); - if (IS_ERR(priv->map)) - return PTR_ERR(priv->map); - - return 0; + return PTR_ERR_OR_ZERO(priv->map); } static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg, -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 4/18] net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 0c6bca747111dee19aa48c8f73d77fc85fcb8dd0 commit: b9ccc07e3f31ad8073697982bac014fbceef7ecb [4/18] netfilter: nft_hash: add map lookups for hashing operations coccinelle warnings: (new ones prefixed by >>) >> net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used net/netfilter/nft_hash.c:223:1-3: WARNING: PTR_ERR_OR_ZERO can be used Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: nft_hash: fix ptr_ret.cocci warnings
From: kbuild test robot <fengguang...@intel.com> net/netfilter/nft_hash.c:180:1-3: WARNING: PTR_ERR_OR_ZERO can be used net/netfilter/nft_hash.c:223:1-3: WARNING: PTR_ERR_OR_ZERO can be used Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR Generated by: scripts/coccinelle/api/ptr_ret.cocci Fixes: b9ccc07e3f31 ("netfilter: nft_hash: add map lookups for hashing operations") CC: Laura Garcia Liebana <nev...@gmail.com> Signed-off-by: kbuild test robot <fengguang...@intel.com> --- nft_hash.c | 10 ++ 1 file changed, 2 insertions(+), 8 deletions(-) --- a/net/netfilter/nft_hash.c +++ b/net/netfilter/nft_hash.c @@ -177,10 +177,7 @@ static int nft_jhash_map_init(const stru priv->map = nft_set_lookup_global(ctx->net, ctx->table, tb[NFTA_HASH_SET_NAME], tb[NFTA_HASH_SET_ID], genmask); - if (IS_ERR(priv->map)) - return PTR_ERR(priv->map); - - return 0; + return PTR_ERR_OR_ZERO(priv->map); } static int nft_symhash_init(const struct nft_ctx *ctx, @@ -220,10 +217,7 @@ static int nft_symhash_map_init(const st priv->map = nft_set_lookup_global(ctx->net, ctx->table, tb[NFTA_HASH_SET_NAME], tb[NFTA_HASH_SET_ID], genmask); - if (IS_ERR(priv->map)) - return PTR_ERR(priv->map); - - return 0; + return PTR_ERR_OR_ZERO(priv->map); } static int nft_jhash_dump(struct sk_buff *skb, -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next,v3 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180517] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180518-093914 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm64-defconfig (attached as .config) compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm64 All errors (new ones prefixed by >>): net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update': >> net//netfilter/nf_conntrack_core.c:1656:36: error: 'struct nf_conn' has no >> member named 'zone' h = nf_conntrack_find_get(net, >zone, ); ^~ vim +1656 net//netfilter/nf_conntrack_core.c 1609 1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb) 1611 { 1612 const struct nf_conntrack_l3proto *l3proto; 1613 const struct nf_conntrack_l4proto *l4proto; 1614 struct nf_conntrack_tuple_hash *h; 1615 struct nf_conntrack_tuple tuple; 1616 enum ip_conntrack_info ctinfo; 1617 struct nf_nat_hook *nat_hook; 1618 unsigned int dataoff, status; 1619 struct nf_conn *ct; 1620 u16 l3num; 1621 u8 l4num; 1622 1623 ct = nf_ct_get(skb, ); 1624 if (!ct || nf_ct_is_confirmed(ct)) 1625 return 0; 1626 1627 l3num = nf_ct_l3num(ct); 1628 l3proto = nf_ct_l3proto_find_get(l3num); 1629 1630 if (l3proto->get_l4proto(skb, skb_network_offset(skb), , 1631 ) <= 0) 1632 return -1; 1633 1634 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1635 1636 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, 1637 l4num, net, , l3proto, l4proto)) 1638 return -1; 1639 1640 if (ct->status & IPS_SRC_NAT) { 1641 memcpy(tuple.src.u3.all, 1642 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all, 1643 sizeof(tuple.src.u3.all)); 1644 tuple.src.u.all = 1645 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all; 1646 } 1647 1648 if (ct->status & IPS_DST_NAT) { 1649 memcpy(tuple.dst.u3.all, 1650 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all, 1651 sizeof(tuple.dst.u3.all)); 1652 tuple.dst.u.all = 1653 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all; 1654 } 1655 > 1656 h = nf_conntrack_find_get(net, >zone, ); 1657 if (!h) 1658 return 0; 1659 1660 /* Store status bits of the conntrack that is clashing to re-do NAT 1661 * mangling according to what it has been done already to this packet. 1662 */ 1663 status = ct->status; 1664 1665 nf_ct_put(ct); 1666 ct = nf_ct_tuplehash_to_ctrack(h); 1667 nf_ct_set(skb, ct, ctinfo); 1668 1669 nat_hook = rcu_dereference(nf_nat_hook); 1670 if (!nat_hook) 1671 return 0; 1672 1673 if (status & IPS_SRC_NAT && 1674 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC, 1675 IP_CT_DIR_ORIGINAL) == NF_DROP) 1676 return -1; 1677 1678 if (status & IPS_DST_NAT && 1679 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST, 1680 IP_CT_DIR_ORIGINAL) == NF_DROP) 1681 return -1; 1682 1683 return 0; 1684 } 1685 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next,v3 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180517] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180518-093914 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: mips-fuloong2e_defconfig (attached as .config) compiler: mips64el-linux-gnuabi64-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=mips All errors (new ones prefixed by >>): >> ERROR: "nf_ct_hook" [net/netfilter/nfnetlink_queue.ko] undefined! --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next,v2 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180516] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-randconfig-u0-05170929 (attached as .config) compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/nfnetlink_queue.c: In function 'nfqnl_reinject': >> net/netfilter/nfnetlink_queue.c:237:7: error: implicit declaration of >> function 'nf_ct_get' [-Werror=implicit-function-declaration] ct = nf_ct_get(entry->skb, ); ^ net/netfilter/nfnetlink_queue.c:237:5: warning: assignment makes pointer from integer without a cast [-Wint-conversion] ct = nf_ct_get(entry->skb, ); ^ >> net/netfilter/nfnetlink_queue.c:238:13: error: implicit declaration of >> function 'nf_ct_is_confirmed' [-Werror=implicit-function-declaration] if (ct && !nf_ct_is_confirmed(ct) && ^ cc1: some warnings being treated as errors vim +/nf_ct_get +237 net/netfilter/nfnetlink_queue.c 229 230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) 231 { 232 enum ip_conntrack_info ctinfo; 233 struct nf_ct_hook *ct_hook; 234 struct nf_conn *ct; 235 int err; 236 > 237 ct = nf_ct_get(entry->skb, ); > 238 if (ct && !nf_ct_is_confirmed(ct) && 239 (verdict == NF_ACCEPT || verdict == NF_STOP)) { 240 rcu_read_lock(); 241 ct_hook = rcu_dereference(nf_ct_hook); 242 if (ct_hook) { 243 err = ct_hook->update(entry->state.net, entry->skb, 244ct, ctinfo); 245 if (err < 0) 246 verdict = NF_DROP; 247 } 248 rcu_read_unlock(); 249 } 250 251 nf_reinject(entry, verdict); 252 } 253 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next,v2 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180516] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-n0-201819 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: In function 'xt_net': >> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to >> incomplete type 'const struct nf_hook_state' return par->state->net; ^~ In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: At top level: >> include/linux/netfilter/x_tables.h:450:64: error: unknown type name >> 'nf_hookfn' struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *); ^ In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack_tuple.h: In function '__nf_ct_tuple_src_equal': >> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit >> declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'? >> [-Werror=implicit-function-declaration] return (nf_inet_addr_cmp(>src.u3, >src.u3) && ^~~~ inet_addr_type In file included from include/net/netfilter/nf_nat_core.h:5:0, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack.h: At top level: >> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has >> incomplete type struct nf_conntrack ct_general; ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': >> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' >> has no member named '_nfct' *ctinfo = skb->_nfct & NFCT_INFOMASK; ^~ include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct' return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': >> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of >> function 'nf_conntrack_put'; did you mean 'nf_ct_put'? >> [-Werror=implicit-function-declaration] nf_conntrack_put(>ct_general); ^~~~ nf_ct_put include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set': >> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no >> member named '_nfct' skb->_nfct = (unsigned long)ct | info; ^~ cc1: some warnings being treated as errors vim +148 include/net/netfilter/nf_conntrack.h f8eb24a89a Patrick McHardy2006-11-29 49 ea781f197d Eric Dumazet 2009-03-25 50 struct nf_conn { f330a7fdbe Florian Westphal 2016-08-25 51 /* Usage count in here is 1 for hash table, 1 per skb, b476b72a0f Jesper Dangaard Brouer 2014-03-03 52* plus 1 for any connection(s) we are `master' for b476b72a0f Jesper Dangaard Brouer 2014-03-03 53* a9e419dc7b Florian Westphal 2017-01-23 54* Hint, SKB address this struct and refcnt via skb->_nfct and b476b72a0f Jesper Dangaard Brouer 2014-03-03 55* helpers nf_conntrack_get() and nf_conntrack_put(). b476b72a0f Jesper Dangaard Brouer 2014-03-03 56* Helper nf_ct_put() equals nf_conntrack_put() by dec refcnt, b476b72a0f Jesper Dangaard Brouer 2014-03-03 57* beware nf_ct_get() is different and don't inc refcnt. b476b72a0f Jesper Dangaard Brouer 2014-03-03 58*/ 9fb9cbb108 Yasuyuki Kozakai 2005-11-09 @59 struct nf_conntrack
Re: [PATCH nf-next,v2 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180516] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-randconfig-s1-201819 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: In function 'xt_net': include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to incomplete type 'const struct nf_hook_state' return par->state->net; ^~ In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/linux/netfilter/x_tables.h: At top level: include/linux/netfilter/x_tables.h:450:64: error: unknown type name 'nf_hookfn' struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *); ^ In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack_tuple.h: In function '__nf_ct_tuple_src_equal': >> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit >> declaration of function 'nf_inet_addr_cmp' >> [-Werror=implicit-function-declaration] return (nf_inet_addr_cmp(>src.u3, >src.u3) && ^~~~ In file included from include/net/netfilter/nf_nat_core.h:5:0, from net/xfrm/xfrm_policy.c:36: include/net/netfilter/nf_conntrack.h: At top level: include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type struct nf_conntrack ct_general; ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct' *ctinfo = skb->_nfct & NFCT_INFOMASK; ^~ include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct' return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': >> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of >> function 'nf_conntrack_put' [-Werror=implicit-function-declaration] nf_conntrack_put(>ct_general); ^~~~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set': include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no member named '_nfct' skb->_nfct = (unsigned long)ct | info; ^~ cc1: some warnings being treated as errors vim +/nf_inet_addr_cmp +127 include/net/netfilter/nf_conntrack_tuple.h 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 123 5f2b4c90 Jan Engelhardt 2008-04-14 124 static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1, 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 125 const struct nf_conntrack_tuple *t2) 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 126 { b8beedd2 Patrick McHardy 2008-03-25 @127 return (nf_inet_addr_cmp(>src.u3, >src.u3) && 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 128 t1->src.u.all == t2->src.u.all && 380517de Patrick McHardy 2008-01-31 129 t1->src.l3num == t2->src.l3num); 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 130 } 9fb9cbb1 Yasuyuki Kozakai 2005-11-09 131 :: The code at line 127 was first introduced by commit :: b8beedd25d3913d45b8330a08ab88fdf90eb54b8 [NETFILTER]: Add nf_inet_addr_cmp() :: TO: Patrick McHardy:: CC: David S. Miller --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel
Re: [PATCH nf-next,v2 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc5] [cannot apply to nf/master next-20180516] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-215248 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-acpi-redef (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): net/netfilter/nfnetlink_queue.c: In function 'nfqnl_reinject': >> net/netfilter/nfnetlink_queue.c:237:7: error: implicit declaration of >> function 'nf_ct_get'; did you mean 'sk_dst_get'? >> [-Werror=implicit-function-declaration] ct = nf_ct_get(entry->skb, ); ^ sk_dst_get >> net/netfilter/nfnetlink_queue.c:237:5: warning: assignment makes pointer >> from integer without a cast [-Wint-conversion] ct = nf_ct_get(entry->skb, ); ^ >> net/netfilter/nfnetlink_queue.c:238:13: error: implicit declaration of >> function 'nf_ct_is_confirmed'; did you mean 'sk_dst_confirm'? >> [-Werror=implicit-function-declaration] if (ct && !nf_ct_is_confirmed(ct) && ^~ sk_dst_confirm cc1: some warnings being treated as errors vim +237 net/netfilter/nfnetlink_queue.c 229 230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) 231 { 232 enum ip_conntrack_info ctinfo; 233 struct nf_ct_hook *ct_hook; 234 struct nf_conn *ct; 235 int err; 236 > 237 ct = nf_ct_get(entry->skb, ); > 238 if (ct && !nf_ct_is_confirmed(ct) && 239 (verdict == NF_ACCEPT || verdict == NF_STOP)) { 240 rcu_read_lock(); 241 ct_hook = rcu_dereference(nf_ct_hook); 242 if (ct_hook) { 243 err = ct_hook->update(entry->state.net, entry->skb, 244ct, ctinfo); 245 if (err < 0) 246 verdict = NF_DROP; 247 } 248 rcu_read_unlock(); 249 } 250 251 nf_reinject(entry, verdict); 252 } 253 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH ghak81 V3 3/3] audit: collect audit task parameters
Hi Richard, Thank you for the patch! Yet something to improve: [auto build test ERROR on next-20180516] [cannot apply to linus/master tip/sched/core v4.17-rc5 v4.17-rc4 v4.17-rc3 v4.17-rc5] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Richard-Guy-Briggs/audit-group-task-params/20180517-090703 config: i386-tinyconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): kernel/fork.c: In function 'copy_process': >> kernel/fork.c:1739:3: error: 'struct task_struct' has no member named 'audit' p->audit = NULL; ^~ vim +1739 kernel/fork.c 1728 1729 p->default_timer_slack_ns = current->timer_slack_ns; 1730 1731 task_io_accounting_init(>ioac); 1732 acct_clear_integrals(p); 1733 1734 posix_cpu_timers_init(p); 1735 1736 p->start_time = ktime_get_ns(); 1737 p->real_start_time = ktime_get_boot_ns(); 1738 p->io_context = NULL; > 1739 p->audit = NULL; 1740 cgroup_fork(p); 1741 #ifdef CONFIG_NUMA 1742 p->mempolicy = mpol_dup(p->mempolicy); 1743 if (IS_ERR(p->mempolicy)) { 1744 retval = PTR_ERR(p->mempolicy); 1745 p->mempolicy = NULL; 1746 goto bad_fork_cleanup_threadgroup_lock; 1747 } 1748 #endif 1749 #ifdef CONFIG_CPUSETS 1750 p->cpuset_mem_spread_rotor = NUMA_NO_NODE; 1751 p->cpuset_slab_spread_rotor = NUMA_NO_NODE; 1752 seqcount_init(>mems_allowed_seq); 1753 #endif 1754 #ifdef CONFIG_TRACE_IRQFLAGS 1755 p->irq_events = 0; 1756 p->hardirqs_enabled = 0; 1757 p->hardirq_enable_ip = 0; 1758 p->hardirq_enable_event = 0; 1759 p->hardirq_disable_ip = _THIS_IP_; 1760 p->hardirq_disable_event = 0; 1761 p->softirqs_enabled = 1; 1762 p->softirq_enable_ip = _THIS_IP_; 1763 p->softirq_enable_event = 0; 1764 p->softirq_disable_ip = 0; 1765 p->softirq_disable_event = 0; 1766 p->hardirq_context = 0; 1767 p->softirq_context = 0; 1768 #endif 1769 1770 p->pagefault_disabled = 0; 1771 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[RFC PATCH] net: sched: __tcf_idr_check() can be static
Fixes: 446adedb5339 ("net: sched: always take reference to action") Signed-off-by: Fengguang Wu--- act_api.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sched/act_api.c b/net/sched/act_api.c index 9459cce..27e80cf 100644 --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -284,8 +284,8 @@ int tcf_generic_walker(struct tc_action_net *tn, struct sk_buff *skb, } EXPORT_SYMBOL(tcf_generic_walker); -bool __tcf_idr_check(struct tc_action_net *tn, u32 index, struct tc_action **a, -int bind) +static bool __tcf_idr_check(struct tc_action_net *tn, u32 index, struct tc_action **a, + int bind) { struct tcf_idrinfo *idrinfo = tn->idrinfo; struct tc_action *p; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH 05/14] net: sched: always take reference to action
Hi Vlad, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on net/master] [also build test WARNING on v4.17-rc5 next-20180514] [cannot apply to net-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Vlad-Buslov/Modify-action-API-for-implementing-lockless-actions/20180515-025420 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/sched/act_api.c:71:15: sparse: incorrect type in initializer (different address spaces) @@expected struct tc_cookie [noderef] *__ret @@ got [noderef] *__ret @@ net/sched/act_api.c:71:15:expected struct tc_cookie [noderef] *__ret net/sched/act_api.c:71:15:got struct tc_cookie *new_cookie net/sched/act_api.c:71:13: sparse: incorrect type in assignment (different address spaces) @@expected struct tc_cookie *old @@got struct tc_cookie [noderef] *[assigned] __ret >> net/sched/act_api.c:287:6: sparse: symbol '__tcf_idr_check' was not >> declared. Should it be static? net/sched/act_api.c:144:48: sparse: dereference of noderef expression Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/xfrm/xfrm_policy.c:592:22: sparse: incorrect type in assignment (different address spaces) @@expected struct hlist_head *odst @@got struct hlist_headstruct hlist_head *odst @@ net/xfrm/xfrm_policy.c:592:22:expected struct hlist_head *odst net/xfrm/xfrm_policy.c:592:22:got struct hlist_head [noderef] *table >> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ include/net/netfilter/nf_nat_core.h:44:20:expected void const volatile *p include/net/netfilter/nf_nat_core.h:44:20:got struct nf_nat_hook *[noderef] * >> include/net/netfilter/nf_nat_core.h:44:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ include/net/netfilter/nf_nat_core.h:44:20:expected void const volatile *p include/net/netfilter/nf_nat_core.h:44:20:got struct nf_nat_hook *[noderef] * >> include/net/netfilter/nf_nat_core.h:44:20: sparse: incompatible types in >> comparison expression (different address spaces) net/xfrm/xfrm_policy.c:2808:43: sparse: incompatible types in comparison expression (different address spaces) net/xfrm/xfrm_policy.c:2879:29: sparse: incorrect type in assignment (different address spaces) @@expected struct hlist_head [noderef] *table @@got [noderef] *table @@ net/xfrm/xfrm_policy.c:2879:29:expected struct hlist_head [noderef] *table net/xfrm/xfrm_policy.c:2879:29:got struct hlist_head * net/xfrm/xfrm_policy.c:2905:36: sparse: incorrect type in argument 1 (different address spaces) @@expected struct hlist_head *n @@got struct hlist_headstruct hlist_head *n @@ net/xfrm/xfrm_policy.c:2905:36:expected struct hlist_head *n net/xfrm/xfrm_policy.c:2905:36:got struct hlist_head [noderef] *table net/xfrm/xfrm_policy.c:2932:17: sparse: incorrect type in argument 1 (different address spaces) @@expected struct hlist_head const *h @@got struct hlisstruct hlist_head const *h @@ net/xfrm/xfrm_policy.c:2932:17:expected struct hlist_head const *h net/xfrm/xfrm_policy.c:2932:17:got struct hlist_head [noderef] *table net/xfrm/xfrm_policy.c:2933:36: sparse: incorrect type in argument 1 (different address spaces) @@expected struct hlist_head *n @@got struct hlist_headstruct hlist_head *n @@ net/xfrm/xfrm_policy.c:2933:36:expected struct hlist_head *n net/xfrm/xfrm_policy.c:2933:36:got struct hlist_head [noderef] *table net/xfrm/xfrm_policy.c:109:40: sparse: context imbalance in 'xfrm_policy_get_afinfo' - different lock contexts for basic block include/linux/rcupdate.h:686:9: sparse: context imbalance in '__xfrm_dst_lookup' - unexpected unlock net/xfrm/xfrm_policy.c:900:25: sparse: dereference of noderef expression net/xfrm/xfrm_policy.c:958:25: sparse: dereference of noderef expression include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_get_saddr' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_get_tos' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_bundle_create' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in 'xfrm_create_dummy_bundle' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in 'make_blackhole' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in '__xfrm_decode_session' - unexpected unlock vim +44 include/net/netfilter/nf_nat_core.h 36 37 static inline void 38 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) 39 { 40 #ifdef CONFIG_NF_NAT_NEEDED 41 struct nf_nat_hook *nat_hook; 42 43 rcu_read_lock(); > 44 nat_hook = rcu_dereference(nf_nat_hook); 45 if (nat_hook->decode_session) 46 nat_hook->decode_session(skb, fl); 47 rcu_read_unlock(); 48 #endif 49 } 50 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_conntrack_core.c:1665:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ net/netfilter/nf_conntrack_core.c:1665:20:expected void const volatile *p net/netfilter/nf_conntrack_core.c:1665:20:got struct nf_nat_hook *[noderef] * >> net/netfilter/nf_conntrack_core.c:1665:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ net/netfilter/nf_conntrack_core.c:1665:20:expected void const volatile *p net/netfilter/nf_conntrack_core.c:1665:20:got struct nf_nat_hook *[noderef] * net/netfilter/nf_conntrack_core.c:1665:20: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_core.c:1878:9: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_core.c:2208:9: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_core.c:117:13: sparse: context imbalance in 'nf_conntrack_double_unlock' - unexpected unlock net/netfilter/nf_conntrack_core.c:127:13: sparse: context imbalance in 'nf_conntrack_double_lock' - wrong count at exit net/netfilter/nf_conntrack_core.c:157:9: sparse: context imbalance in 'nf_conntrack_all_lock' - wrong count at exit net/netfilter/nf_conntrack_core.c:168:13: sparse: context imbalance in 'nf_conntrack_all_unlock' - unexpected unlock net/netfilter/nf_conntrack_core.c:1705:28: sparse: context imbalance in 'get_next_corpse' - unexpected unlock vim +1665 net/netfilter/nf_conntrack_core.c 1609 1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb, 1611 struct nf_conn *ct, 1612 enum ip_conntrack_info ctinfo) 1613 { 1614 const struct nf_conntrack_l3proto *l3proto; 1615 const struct nf_conntrack_l4proto *l4proto; 1616 struct nf_conntrack_tuple_hash *h; 1617 struct nf_conntrack_tuple tuple; 1618 struct nf_nat_hook *nat_hook; 1619 unsigned int dataoff, status; 1620 u16 l3num; 1621 u8 l4num; 1622 1623 l3num = nf_ct_l3num(ct); 1624 l3proto = nf_ct_l3proto_find_get(l3num); 1625 1626 if (l3proto->get_l4proto(skb, skb_network_offset(skb), , 1627 ) <= 0) 1628 return 0; 1629 1630 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1631 1632 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, 1633 l4num, net, , l3proto, l4proto)) 1634 return 0; 1635 1636 if (ct->status & IPS_SRC_NAT) { 1637 memcpy(tuple.src.u3.all, 1638 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all, 1639 sizeof(tuple.src.u3.all)); 1640 tuple.src.u.all = 1641 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all; 1642 } 1643 1644 if (ct->status & IPS_DST_NAT) { 1645 memcpy(tuple.dst.u3.all, 1646 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all, 1647 sizeof(tuple.src.u3.all)); 1648 tuple.dst.u.all = 1649 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all; 1650 } 1651 1652 h = nf_conntrack_find_get(net, >zone, ); 1653 if (!h) 1654 return 0; 1655 1656 /* Store status bits of the conntrack that is clashing to re-do NAT 1657 * mangling according to what it has been done already to this packet. 1658 */ 1659 status = ct->status; 1660 1661 nf_ct_put(ct); 1662 ct = nf_ct_tuplehash_to_ctrack(h); 1663 nf_ct_set(skb, ct, ctinfo); 1664 > 1665 nat_hook = rcu_dereference(nf_nat_hook); 1666 if (!nat_hook) 1667 return 0; 1668 1669 if (status & IPS_SRC_NAT && 1670 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC, 1671 IP_CT_DIR_ORIGINAL) == NF_DROP)
Re: [PATCH 01/14] net: sched: use rcu for action cookie update
Hi Vlad, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on net/master] [also build test WARNING on v4.17-rc5 next-20180514] [cannot apply to net-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Vlad-Buslov/Modify-action-API-for-implementing-lockless-actions/20180515-025420 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/sched/act_api.c:71:15: sparse: incorrect type in initializer (different >> address spaces) @@expected struct tc_cookie [noderef] *__ret @@ >> got [noderef] *__ret @@ net/sched/act_api.c:71:15:expected struct tc_cookie [noderef] *__ret net/sched/act_api.c:71:15:got struct tc_cookie *new_cookie >> net/sched/act_api.c:71:13: sparse: incorrect type in assignment (different >> address spaces) @@expected struct tc_cookie *old @@got struct >> tc_cookie [noderef] *[assigned] __ret >> net/sched/act_api.c:132:48: sparse: dereference of noderef expression vim +71 net/sched/act_api.c 65 66 static void tcf_set_action_cookie(struct tc_cookie __rcu **old_cookie, 67struct tc_cookie *new_cookie) 68 { 69 struct tc_cookie *old; 70 > 71 old = xchg(old_cookie, new_cookie); 72 if (old) 73 call_rcu(>rcu, tcf_free_cookie_rcu); 74 } 75 76 /* XXX: For standalone actions, we don't need a RCU grace period either, because 77 * actions are always connected to filters and filters are already destroyed in 78 * RCU callbacks, so after a RCU grace period actions are already disconnected 79 * from filters. Readers later can not find us. 80 */ 81 static void free_tcf(struct tc_action *p) 82 { 83 free_percpu(p->cpu_bstats); 84 free_percpu(p->cpu_qstats); 85 86 tcf_set_action_cookie(>act_cookie, NULL); 87 if (p->goto_chain) 88 tcf_action_goto_chain_fini(p); 89 90 kfree(p); 91 } 92 93 static void tcf_idr_remove(struct tcf_idrinfo *idrinfo, struct tc_action *p) 94 { 95 spin_lock_bh(>lock); 96 idr_remove(>action_idr, p->tcfa_index); 97 spin_unlock_bh(>lock); 98 gen_kill_estimator(>tcfa_rate_est); 99 free_tcf(p); 100 } 101 102 int __tcf_idr_release(struct tc_action *p, bool bind, bool strict) 103 { 104 int ret = 0; 105 106 ASSERT_RTNL(); 107 108 if (p) { 109 if (bind) 110 p->tcfa_bindcnt--; 111 else if (strict && p->tcfa_bindcnt > 0) 112 return -EPERM; 113 114 p->tcfa_refcnt--; 115 if (p->tcfa_bindcnt <= 0 && p->tcfa_refcnt <= 0) { 116 if (p->ops->cleanup) 117 p->ops->cleanup(p); 118 tcf_idr_remove(p->idrinfo, p); 119 ret = ACT_P_DELETED; 120 } 121 } 122 123 return ret; 124 } 125 EXPORT_SYMBOL(__tcf_idr_release); 126 127 static size_t tcf_action_shared_attrs_size(const struct tc_action *act) 128 { 129 u32 cookie_len = 0; 130 131 if (act->act_cookie) > 132 cookie_len = nla_total_size(act->act_cookie->len); 133 134 return nla_total_size(0) /* action number nested */ 135 + nla_total_size(IFNAMSIZ) /* TCA_ACT_KIND */ 136 + cookie_len /* TCA_ACT_COOKIE */ 137 + nla_total_size(0) /* TCA_ACT_STATS nested */ 138 /* TCA_STATS_BASIC */ 139 + nla_total_size_64bit(sizeof(struct gnet_stats_basic)) 140 /* TCA_STATS_QUEUE */ 141 + nla_total_size_64bit(sizeof(struct gnet_stats_queue)) 142 + nla_total_size(0) /* TCA_OPTIONS nested */ 143 + nla_total_size(sizeof(struct tcf_t)); /* TCA_GACT_TM */ 144 } 145 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm-at91_dt_defconfig (attached as .config) compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm All warnings (new ones prefixed by >>): In file included from include/linux/netfilter_ingress.h:5:0, from net//core/dev.c:144: >> include/linux/netfilter.h:363:14: warning: 'enum ip_conntrack_info' declared >> inside parameter list will not be visible outside of this definition or >> declaration enum ip_conntrack_info ctinfo); ^ vim +363 include/linux/netfilter.h 360 361 struct nf_ct_hook { 362 int (*update)(struct net *net, struct sk_buff *skb, struct nf_conn *ct, > 363enum ip_conntrack_info ctinfo); 364 void (*destroy)(struct nf_conntrack *); 365 }; 366 extern struct nf_ct_hook __rcu *nf_ct_hook; 367 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_nat_core.c:599:25: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_nat_core.c:837:9: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_nat_core.c:851:9: sparse: incompatible types in comparison expression (different address spaces) >> net/netfilter/nf_nat_core.c:836:9: sparse: dereference of noderef expression -- >> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ net/netfilter/nf_conntrack_netlink.c:1437:20:expected void const volatile *p net/netfilter/nf_conntrack_netlink.c:1437:20:got struct nf_nat_hook *[noderef] * >> net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incorrect type in >> argument 1 (different address spaces) @@expected void const volatile *p >> @@got struct nf_nat_hoovoid const volatile *p @@ net/netfilter/nf_conntrack_netlink.c:1437:20:expected void const volatile *p net/netfilter/nf_conntrack_netlink.c:1437:20:got struct nf_nat_hook *[noderef] * net/netfilter/nf_conntrack_netlink.c:1437:20: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_netlink.c:1589:34: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_conntrack_netlink.c:3014:29: sparse: incorrect type in argument 1 (different address spaces) @@expected char const * @@ got char [noderchar const * @@ net/netfilter/nf_conntrack_netlink.c:3014:29:expected char const * net/netfilter/nf_conntrack_netlink.c:3014:29:got char [noderef] * net/netfilter/nf_conntrack_netlink.c:868:36: sparse: context imbalance in 'ctnetlink_dump_table' - unexpected unlock include/linux/rcupdate.h:686:9: sparse: context imbalance in 'ctnetlink_parse_nat_setup' - unexpected unlock vim +836 net/netfilter/nf_nat_core.c 810 811 static int __init nf_nat_init(void) 812 { 813 int ret, i; 814 815 /* Leave them the same for the moment. */ 816 nf_nat_htable_size = nf_conntrack_htable_size; 817 if (nf_nat_htable_size < CONNTRACK_LOCKS) 818 nf_nat_htable_size = CONNTRACK_LOCKS; 819 820 nf_nat_bysource = nf_ct_alloc_hashtable(_nat_htable_size, 0); 821 if (!nf_nat_bysource) 822 return -ENOMEM; 823 824 ret = nf_ct_extend_register(_extend); 825 if (ret < 0) { 826 nf_ct_free_hashtable(nf_nat_bysource, nf_nat_htable_size); 827 pr_err("Unable to register extension\n"); 828 return ret; 829 } 830 831 for (i = 0; i < CONNTRACK_LOCKS; i++) 832 spin_lock_init(_nat_locks[i]); 833 834 nf_ct_helper_expectfn_register(_master_nat); 835 > 836 WARN_ON(nf_nat_hook != NULL); 837 RCU_INIT_POINTER(nf_nat_hook, _hook); 838 839 return 0; 840 } 841 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-randconfig-u0-05141234 (attached as .config) compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): In file included from include/net/netfilter/nf_nat_core.h:5:0, from net//xfrm/xfrm_policy.c:35: include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has incomplete type struct nf_conntrack ct_general; ^ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' has no member named '_nfct' *ctinfo = skb->_nfct & NFCT_INFOMASK; ^ include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct' return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); ^ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': >> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of >> function 'nf_conntrack_put' [-Werror=implicit-function-declaration] nf_conntrack_put(>ct_general); ^ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set': include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no member named '_nfct' skb->_nfct = (unsigned long)ct | info; ^ cc1: some warnings being treated as errors vim +/nf_conntrack_put +157 include/net/netfilter/nf_conntrack.h 303223092 Florian Westphal 2017-01-23 143 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 144 /* Return conntrack_info and tuple hash for given skb. */ 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 145 static inline struct nf_conn * 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 146 nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo) 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 147 { a9e419dc7 Florian Westphal 2017-01-23 @148 *ctinfo = skb->_nfct & NFCT_INFOMASK; a9e419dc7 Florian Westphal 2017-01-23 149 a9e419dc7 Florian Westphal 2017-01-23 150 return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 151 } 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 152 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 153 /* decrement reference count on a conntrack */ 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 154 static inline void nf_ct_put(struct nf_conn *ct) 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 155 { 44d6e2f27 Varsha Rao 2017-08-30 156 WARN_ON(!ct); 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 @157 nf_conntrack_put(>ct_general); 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 158 } 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 159 :: The code at line 157 was first introduced by commit :: 9fb9cbb1082d6b31fb45aa1a14432449a0df6cf1 [NETFILTER]: Add nf_conntrack subsystem. :: TO: Yasuyuki Kozakai:: CC: David S. Miller --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 3/3] netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm64-defconfig (attached as .config) compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm64 All errors (new ones prefixed by >>): net//netfilter/nf_conntrack_core.c: In function 'nf_conntrack_update': >> net//netfilter/nf_conntrack_core.c:1652:36: error: 'struct nf_conn' has no >> member named 'zone' h = nf_conntrack_find_get(net, >zone, ); ^~ vim +1652 net//netfilter/nf_conntrack_core.c 1609 1610 static int nf_conntrack_update(struct net *net, struct sk_buff *skb, 1611 struct nf_conn *ct, 1612 enum ip_conntrack_info ctinfo) 1613 { 1614 const struct nf_conntrack_l3proto *l3proto; 1615 const struct nf_conntrack_l4proto *l4proto; 1616 struct nf_conntrack_tuple_hash *h; 1617 struct nf_conntrack_tuple tuple; 1618 struct nf_nat_hook *nat_hook; 1619 unsigned int dataoff, status; 1620 u16 l3num; 1621 u8 l4num; 1622 1623 l3num = nf_ct_l3num(ct); 1624 l3proto = nf_ct_l3proto_find_get(l3num); 1625 1626 if (l3proto->get_l4proto(skb, skb_network_offset(skb), , 1627 ) <= 0) 1628 return 0; 1629 1630 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1631 1632 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num, 1633 l4num, net, , l3proto, l4proto)) 1634 return 0; 1635 1636 if (ct->status & IPS_SRC_NAT) { 1637 memcpy(tuple.src.u3.all, 1638 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.all, 1639 sizeof(tuple.src.u3.all)); 1640 tuple.src.u.all = 1641 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all; 1642 } 1643 1644 if (ct->status & IPS_DST_NAT) { 1645 memcpy(tuple.dst.u3.all, 1646 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.all, 1647 sizeof(tuple.src.u3.all)); 1648 tuple.dst.u.all = 1649 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all; 1650 } 1651 > 1652 h = nf_conntrack_find_get(net, >zone, ); 1653 if (!h) 1654 return 0; 1655 1656 /* Store status bits of the conntrack that is clashing to re-do NAT 1657 * mangling according to what it has been done already to this packet. 1658 */ 1659 status = ct->status; 1660 1661 nf_ct_put(ct); 1662 ct = nf_ct_tuplehash_to_ctrack(h); 1663 nf_ct_set(skb, ct, ctinfo); 1664 1665 nat_hook = rcu_dereference(nf_nat_hook); 1666 if (!nat_hook) 1667 return 0; 1668 1669 if (status & IPS_SRC_NAT && 1670 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_SRC, 1671 IP_CT_DIR_ORIGINAL) == NF_DROP) 1672 return -1; 1673 1674 if (status & IPS_DST_NAT && 1675 nat_hook->manip_pkt(skb, ct, NF_NAT_MANIP_DST, 1676 IP_CT_DIR_ORIGINAL) == NF_DROP) 1677 return -1; 1678 1679 return 0; 1680 } 1681 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next 2/3] netfilter: add struct nf_nat_hook and use it
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-add-struct-nf_ct_hook-and-use-it/20180515-034151 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: arm-multi_v5_defconfig (attached as .config) compiler: arm-linux-gnueabi-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=arm All errors (new ones prefixed by >>): In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:35: include/linux/netfilter/x_tables.h: In function 'xt_net': >> include/linux/netfilter/x_tables.h:46:19: error: dereferencing pointer to >> incomplete type 'const struct nf_hook_state' return par->state->net; ^~ In file included from include/net/netfilter/nf_conntrack_tuple.h:14:0, from include/linux/netfilter/nf_conntrack_proto_gre.h:14, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:35: include/linux/netfilter/x_tables.h: At top level: >> include/linux/netfilter/x_tables.h:450:64: error: unknown type name >> 'nf_hookfn' struct nf_hook_ops *xt_hook_ops_alloc(const struct xt_table *, nf_hookfn *); ^ In file included from include/linux/netfilter/nf_conntrack_proto_gre.h:14:0, from include/net/netfilter/nf_conntrack.h:25, from include/net/netfilter/nf_nat_core.h:5, from net/xfrm/xfrm_policy.c:35: include/net/netfilter/nf_conntrack_tuple.h: In function '__nf_ct_tuple_src_equal': >> include/net/netfilter/nf_conntrack_tuple.h:127:10: error: implicit >> declaration of function 'nf_inet_addr_cmp'; did you mean 'inet_addr_type'? >> [-Werror=implicit-function-declaration] return (nf_inet_addr_cmp(>src.u3, >src.u3) && ^~~~ inet_addr_type In file included from include/net/netfilter/nf_nat_core.h:5:0, from net/xfrm/xfrm_policy.c:35: include/net/netfilter/nf_conntrack.h: At top level: >> include/net/netfilter/nf_conntrack.h:59:22: error: field 'ct_general' has >> incomplete type struct nf_conntrack ct_general; ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_get': >> include/net/netfilter/nf_conntrack.h:148:15: error: 'const struct sk_buff' >> has no member named '_nfct' *ctinfo = skb->_nfct & NFCT_INFOMASK; ^~ include/net/netfilter/nf_conntrack.h:150:31: error: 'const struct sk_buff' has no member named '_nfct' return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK); ^~ include/net/netfilter/nf_conntrack.h: In function 'nf_ct_put': >> include/net/netfilter/nf_conntrack.h:157:2: error: implicit declaration of >> function 'nf_conntrack_put'; did you mean 'nf_ct_put'? >> [-Werror=implicit-function-declaration] nf_conntrack_put(>ct_general); ^~~~ nf_ct_put include/net/netfilter/nf_conntrack.h: In function 'nf_ct_set': >> include/net/netfilter/nf_conntrack.h:316:5: error: 'struct sk_buff' has no >> member named '_nfct' skb->_nfct = (unsigned long)ct | info; ^~ cc1: some warnings being treated as errors vim +148 include/net/netfilter/nf_conntrack.h f8eb24a89 Patrick McHardy2006-11-29 49 ea781f197 Eric Dumazet 2009-03-25 50 struct nf_conn { f330a7fdb Florian Westphal 2016-08-25 51/* Usage count in here is 1 for hash table, 1 per skb, b476b72a0 Jesper Dangaard Brouer 2014-03-03 52 * plus 1 for any connection(s) we are `master' for b476b72a0 Jesper Dangaard Brouer 2014-03-03 53 * a9e419dc7 Florian Westphal 2017-01-23 54 * Hint, SKB address this struct and refcnt via skb->_nfct and b476b72a0 Jesper Dangaard Brouer 2014-03-03 55 * helpers nf_conntrack_get() and nf_conntrack_put(). b476b72a0 Jesper Dangaard Brouer 2014-03-03 56 * Helper nf_ct_put() equals nf_conntrack_put() by dec refcnt, b476b72a0 Jesper Dangaard Brouer 2014-03-03 57 * beware nf_ct_get() is different and don't inc refcnt. b476b72a0 Jesper Dangaard Brouer 2014-03-03 58 */ 9fb9cbb10 Yasuyuki Kozakai 2005-11-09 @59struct nf_conntrack ct_general; 9fb9cbb10
[nf:master 12/14] net/netfilter/nft_compat.c:359:55: error: expected ')' before ';' token
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master head: ccc4ef2178bf6f7a552319e868fcbb7670a3ba85 commit: 439df632d9e508d66cd203f888b48d313249277c [12/14] netfilter: nft_compat: prepare for indirect info storage config: x86_64-federa-25 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: git checkout 439df632d9e508d66cd203f888b48d313249277c # save the attached .config to linux build tree make ARCH=x86_64 Note: the nf/master HEAD ccc4ef2178bf6f7a552319e868fcbb7670a3ba85 builds fine. It only hurts bisectibility. All errors (new ones prefixed by >>): net/netfilter/nft_compat.c: In function 'nft_match_eval': >> net/netfilter/nft_compat.c:359:55: error: expected ')' before ';' token __nft_match_eval(expr, regs, pkt, nft_expr_priv(expr); ^ >> net/netfilter/nft_compat.c:360:1: error: expected ';' before '}' token } ^ vim +359 net/netfilter/nft_compat.c 354 355 static void nft_match_eval(const struct nft_expr *expr, 356 struct nft_regs *regs, 357 const struct nft_pktinfo *pkt) 358 { > 359 __nft_match_eval(expr, regs, pkt, nft_expr_priv(expr); > 360 } 361 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH] netfilter: nf_queue: Replace conntrack entry
Hi Kristian, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.17-rc3 next-20180503] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Kristian-Evensen/netfilter-nf_queue-Replace-conntrack-entry/20180504-051218 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-randconfig-s5-05041850 (attached as .config) compiler: gcc-7 (Debian 7.3.0-16) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/nfnetlink_queue.o: In function `nfqnl_update_ct': >> net/netfilter/nfnetlink_queue.c:1062: undefined reference to >> `nf_ct_l3proto_find_get' >> net/netfilter/nfnetlink_queue.c:1069: undefined reference to >> `nf_ct_l4proto_find_get' >> net/netfilter/nfnetlink_queue.c:1071: undefined reference to >> `nf_ct_get_tuple' >> net/netfilter/nfnetlink_queue.c:1079: undefined reference to >> `nf_conntrack_find_get' vim +1062 net/netfilter/nfnetlink_queue.c 1046 1047 #if IS_ENABLED(CONFIG_NF_CONNTRACK) 1048 static void nfqnl_update_ct(struct net *net, struct sk_buff *skb) 1049 { 1050 const struct nf_conntrack_l3proto *l3proto; 1051 const struct nf_conntrack_l4proto *l4proto; 1052 struct nf_conntrack_tuple_hash *h; 1053 struct nf_conntrack_tuple tuple; 1054 enum ip_conntrack_info ctinfo; 1055 struct nf_conn *ct = NULL; 1056 unsigned int dataoff; 1057 u16 l3num; 1058 u8 l4num; 1059 1060 ct = nf_ct_get(skb, ); 1061 l3num = nf_ct_l3num(ct); > 1062 l3proto = nf_ct_l3proto_find_get(l3num); 1063 1064 if (l3proto->get_l4proto(skb, skb_network_offset(skb), , 1065 ) <= 0) { 1066 return; 1067 } 1068 > 1069 l4proto = nf_ct_l4proto_find_get(l3num, l4num); 1070 > 1071 if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, > l3num, 1072 l4num, net, , l3proto, l4proto)) { 1073 return; 1074 } 1075 1076 #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) 1077 h = nf_conntrack_find_get(net, >zone, ); 1078 #else > 1079 h = nf_conntrack_find_get(net, NULL, ); 1080 #endif 1081 1082 if (h) { 1083 pr_debug("%s: tuple %u %pI4:%hu -> %pI4:%hu\n", __func__, 1084 tuple.dst.protonum, , 1085 ntohs(tuple.src.u.all), , 1086 ntohs(tuple.dst.u.all)); 1087 nf_ct_put(ct); 1088 ct = nf_ct_tuplehash_to_ctrack(h); 1089 nf_ct_set(skb, ct, IP_CT_NEW); 1090 } 1091 } 1092 #endif 1093 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next] netfilter: nf_tables: support timeouts larger than 23 days
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-support-timeouts-larger-than-23-days/20180417-032146 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_tables_api.c:1238:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1238:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1238:31:got void * net/netfilter/nf_tables_api.c:1241:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1241:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1241:31:got void * net/netfilter/nf_tables_api.c:1245:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1245:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1245:31:got void * net/netfilter/nf_tables_api.c:1268:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1268:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1526:23: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats *stats @@got struct nft_stats struct nft_stats *stats @@ net/netfilter/nf_tables_api.c:1534:29: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:1538:38: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats [noderef] *stats @@got [noderef] *stats @@ net/netfilter/nf_tables_api.c:1552:37: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ >> net/netfilter/nf_tables_api.c:2789:16: sparse: incorrect type in return >> expression (different base types) @@expected unsigned long long @@ >> got restricted unsigned long long @@ >> net/netfilter/nf_tables_api.c:2839:47: sparse: incorrect type in argument 3 >> (different base types) @@expected restricted __be64 [usertype] value @@ >> got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3477:47: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ net/netfilter/nf_tables_api.c:3491:55: sparse: incorrect type in argument 3 (different base types) @@expected restricted __be64 [usertype] value @@ got __be64 [usertype] value @@ vim +2789 net/netfilter/nf_tables_api.c 2784 2785 static u64 nf_jiffies64_to_msecs(u64 input) 2786 { 2787 u64 ms = jiffies64_to_nsecs(input); 2788 > 2789 return cpu_to_be64(div_u64(ms, NSEC_PER_MSEC)); 2790 } 2791 2792 static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx, 2793const struct nft_set *set, u16 event, u16 flags) 2794 { 2795 struct nfgenmsg *nfmsg; 2796 struct nlmsghdr *nlh; 2797 struct nlattr *desc; 2798 u32 portid = ctx->portid; 2799 u32 seq = ctx->seq; 2800 2801 event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event); 2802 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct nfgenmsg), 2803 flags); 2804 if (nlh == NULL) 2805 goto nla_put_failure; 2806 2807 nfmsg = nlmsg_data(nlh); 2808 nfmsg->nfgen_family = ctx->family; 2809 nfmsg->version = NFNETLINK_V0; 2810 nfmsg->res_id = htons(ctx->net->nft.base_seq & 0x); 2811 2812 if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name)) 2813 goto nla_put_failure; 2814 if (nla_put_string(skb, NFTA_SET_NAME, set->name)) 2815 goto nla_put_failure; 2816 if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), 2817 NFTA_SET_PAD)) 2818 goto nla_put_failure; 2819 if (set->flags != 0) 2820 if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) 2821 goto nla_put_failure; 2822 2823 if (nla_put_be32(skb, NFTA_SET_KEY_TYPE,
Re: [PATCH] netfilter: CONFIG_NF_REJECT_IPV{4,6} becomes bool toggle
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.16 next-20180413] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-CONFIG_NF_REJECT_IPV-4-6-becomes-bool-toggle/20180414-101337 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: powerpc64-allmodconfig (attached as .config) compiler: powerpc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=powerpc64 All error/warnings (new ones prefixed by >>): powerpc64-linux-gnu-ld: warning: orphan section `.gnu.hash' from `linker stubs' being placed in section `.gnu.hash'. net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_reject_ip6_tcphdr_get': >> (.text+0x1f0): undefined reference to `.nf_ip6_checksum' net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_send_reset6': >> (.text+0x794): undefined reference to `.ip6_route_output_flags' net/ipv6/netfilter/nf_reject_ipv6.o: In function `.nf_send_unreach6': (.text+0xab8): undefined reference to `.nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH] netfilter: CONFIG_NF_REJECT_IPV{4,6} becomes bool toggle
Hi Pablo, I love your patch! Yet something to improve: [auto build test ERROR on nf-next/master] [also build test ERROR on v4.16 next-20180413] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Pablo-Neira-Ayuso/netfilter-CONFIG_NF_REJECT_IPV-4-6-becomes-bool-toggle/20180414-101337 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: ia64-allmodconfig (attached as .config) compiler: ia64-linux-gcc (GCC) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree make.cross ARCH=ia64 All errors (new ones prefixed by >>): net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_reject_ip6_tcphdr_get': >> nf_reject_ipv6.c:(.text+0x342): undefined reference to `nf_ip6_checksum' net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_send_reset6': >> nf_reject_ipv6.c:(.text+0xcc2): undefined reference to >> `ip6_route_output_flags' net/ipv6/netfilter/nf_reject_ipv6.o: In function `nf_send_unreach6': nf_reject_ipv6.c:(.text+0x12b2): undefined reference to `nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v5] netfilter : add NAT support for shifted portmap ranges
Hi Thierry, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.16 next-20180403] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Thierry-Du-Tre/netfilter-add-NAT-support-for-shifted-portmap-ranges/20180404-074845 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/openvswitch/conntrack.c: In function 'ovs_ct_nat_execute': >> net/openvswitch/conntrack.c:766:29: error: passing argument 2 of >> 'nf_nat_setup_info' from incompatible pointer type >> [-Werror=incompatible-pointer-types] ? nf_nat_setup_info(ct, range, maniptype) ^ In file included from include/net/netfilter/nf_nat_core.h:6:0, from net/openvswitch/conntrack.c:29: include/net/netfilter/nf_nat.h:41:14: note: expected 'const struct nf_nat_range2 *' but argument is of type 'const struct nf_nat_range *' unsigned int nf_nat_setup_info(struct nf_conn *ct, ^ cc1: some warnings being treated as errors vim +/nf_nat_setup_info +766 net/openvswitch/conntrack.c 7f8a436e Joe Stringer2015-08-26 705 05752523 Jarno Rajahalme 2016-03-10 706 #ifdef CONFIG_NF_NAT_NEEDED 05752523 Jarno Rajahalme 2016-03-10 707 /* Modelled after nf_nat_ipv[46]_fn(). 05752523 Jarno Rajahalme 2016-03-10 708 * range is only used for new, uninitialized NAT state. 05752523 Jarno Rajahalme 2016-03-10 709 * Returns either NF_ACCEPT or NF_DROP. 05752523 Jarno Rajahalme 2016-03-10 710 */ 05752523 Jarno Rajahalme 2016-03-10 711 static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct, 05752523 Jarno Rajahalme 2016-03-10 712 enum ip_conntrack_info ctinfo, 05752523 Jarno Rajahalme 2016-03-10 713 const struct nf_nat_range *range, 05752523 Jarno Rajahalme 2016-03-10 714 enum nf_nat_manip_type maniptype) 05752523 Jarno Rajahalme 2016-03-10 715 { 05752523 Jarno Rajahalme 2016-03-10 716int hooknum, nh_off, err = NF_ACCEPT; 05752523 Jarno Rajahalme 2016-03-10 717 05752523 Jarno Rajahalme 2016-03-10 718nh_off = skb_network_offset(skb); 75f01a4c Lance Richardson2017-01-12 719skb_pull_rcsum(skb, nh_off); 05752523 Jarno Rajahalme 2016-03-10 720 05752523 Jarno Rajahalme 2016-03-10 721/* See HOOK2MANIP(). */ 05752523 Jarno Rajahalme 2016-03-10 722if (maniptype == NF_NAT_MANIP_SRC) 05752523 Jarno Rajahalme 2016-03-10 723hooknum = NF_INET_LOCAL_IN; /* Source NAT */ 05752523 Jarno Rajahalme 2016-03-10 724else 05752523 Jarno Rajahalme 2016-03-10 725hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */ 05752523 Jarno Rajahalme 2016-03-10 726 05752523 Jarno Rajahalme 2016-03-10 727switch (ctinfo) { 05752523 Jarno Rajahalme 2016-03-10 728case IP_CT_RELATED: 05752523 Jarno Rajahalme 2016-03-10 729case IP_CT_RELATED_REPLY: 99b7248e Arnd Bergmann 2016-03-18 730if (IS_ENABLED(CONFIG_NF_NAT_IPV4) && 99b7248e Arnd Bergmann 2016-03-18 731skb->protocol == htons(ETH_P_IP) && 05752523 Jarno Rajahalme 2016-03-10 732 ip_hdr(skb)->protocol == IPPROTO_ICMP) { 05752523 Jarno Rajahalme 2016-03-10 733if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo, 05752523 Jarno Rajahalme 2016-03-10 734 hooknum)) 05752523 Jarno Rajahalme 2016-03-10 735err = NF_DROP; 05752523 Jarno Rajahalme 2016-03-10 736goto push; 99b7248e Arnd Bergmann 2016-03-18 737} else if (IS_ENABLED(CONFIG_NF_NAT_IPV6) && 99b7248e Arnd Bergmann 2016-03-18 738 skb->protocol == htons(ETH_P_IPV6)) { 05752523 Jarno Rajahalme 2016-03-10 739__be16 frag_off; 05752523 Jarno Rajahalme 2016-03-10 740u8 nexthdr = ipv6_hdr(skb)->nexthdr; 05752523 Jarno Rajahalme 2016-03-10 741int hdrlen = ipv6_skip_exthdr(skb, 05752523 Jarno Rajahalme 2016-03-10 742 sizeof(struct ipv6hdr), 05752523 Jarno Rajahalme 2016-03-10 743 , _off); 05752523 Jarno Rajahalme 2016-03-10 744 05752523 Jarno Rajahalme 2016-03-10 745if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) { 05752523 Jarno Rajahalme 2016-03-10 746
Re: [PATCH nf-next v3] netfilter: nf_osf: nf_osf_ttl() and nf_osf_match()
Hi Fernando, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-nf_osf-nf_osf_ttl-and-nf_osf_match/20180404-075948 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-acpi-redef (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): warning: (NETFILTER_XT_MATCH_OSF) selects NF_OSF which has unmet direct dependencies (NET && INET && NETFILTER && NF_TABLES) --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v5] netfilter : add NAT support for shifted portmap ranges
Hi Thierry, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf/master] [also build test WARNING on v4.16 next-20180403] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Thierry-Du-Tre/netfilter-add-NAT-support-for-shifted-portmap-ranges/20180404-074845 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/openvswitch/conntrack.c:766:57: sparse: incorrect type in argument 2 >> (different base types) @@expected struct nf_nat_range2 const *range @@ >> got truct nf_nat_range2 const *range @@ net/openvswitch/conntrack.c:766:57:expected struct nf_nat_range2 const *range net/openvswitch/conntrack.c:766:57:got struct nf_nat_range const *range net/openvswitch/conntrack.c: In function 'ovs_ct_nat_execute': net/openvswitch/conntrack.c:766:29: error: passing argument 2 of 'nf_nat_setup_info' from incompatible pointer type [-Werror=incompatible-pointer-types] ? nf_nat_setup_info(ct, range, maniptype) ^ In file included from include/net/netfilter/nf_nat_core.h:6:0, from net/openvswitch/conntrack.c:29: include/net/netfilter/nf_nat.h:41:14: note: expected 'const struct nf_nat_range2 *' but argument is of type 'const struct nf_nat_range *' unsigned int nf_nat_setup_info(struct nf_conn *ct, ^ cc1: some warnings being treated as errors vim +766 net/openvswitch/conntrack.c 7f8a436e Joe Stringer2015-08-26 705 05752523 Jarno Rajahalme 2016-03-10 706 #ifdef CONFIG_NF_NAT_NEEDED 05752523 Jarno Rajahalme 2016-03-10 707 /* Modelled after nf_nat_ipv[46]_fn(). 05752523 Jarno Rajahalme 2016-03-10 708 * range is only used for new, uninitialized NAT state. 05752523 Jarno Rajahalme 2016-03-10 709 * Returns either NF_ACCEPT or NF_DROP. 05752523 Jarno Rajahalme 2016-03-10 710 */ 05752523 Jarno Rajahalme 2016-03-10 711 static int ovs_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct, 05752523 Jarno Rajahalme 2016-03-10 712 enum ip_conntrack_info ctinfo, 05752523 Jarno Rajahalme 2016-03-10 713 const struct nf_nat_range *range, 05752523 Jarno Rajahalme 2016-03-10 714 enum nf_nat_manip_type maniptype) 05752523 Jarno Rajahalme 2016-03-10 715 { 05752523 Jarno Rajahalme 2016-03-10 716int hooknum, nh_off, err = NF_ACCEPT; 05752523 Jarno Rajahalme 2016-03-10 717 05752523 Jarno Rajahalme 2016-03-10 718nh_off = skb_network_offset(skb); 75f01a4c Lance Richardson2017-01-12 719skb_pull_rcsum(skb, nh_off); 05752523 Jarno Rajahalme 2016-03-10 720 05752523 Jarno Rajahalme 2016-03-10 721/* See HOOK2MANIP(). */ 05752523 Jarno Rajahalme 2016-03-10 722if (maniptype == NF_NAT_MANIP_SRC) 05752523 Jarno Rajahalme 2016-03-10 723hooknum = NF_INET_LOCAL_IN; /* Source NAT */ 05752523 Jarno Rajahalme 2016-03-10 724else 05752523 Jarno Rajahalme 2016-03-10 725hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */ 05752523 Jarno Rajahalme 2016-03-10 726 05752523 Jarno Rajahalme 2016-03-10 727switch (ctinfo) { 05752523 Jarno Rajahalme 2016-03-10 728case IP_CT_RELATED: 05752523 Jarno Rajahalme 2016-03-10 729case IP_CT_RELATED_REPLY: 99b7248e Arnd Bergmann 2016-03-18 730if (IS_ENABLED(CONFIG_NF_NAT_IPV4) && 99b7248e Arnd Bergmann 2016-03-18 731skb->protocol == htons(ETH_P_IP) && 05752523 Jarno Rajahalme 2016-03-10 732 ip_hdr(skb)->protocol == IPPROTO_ICMP) { 05752523 Jarno Rajahalme 2016-03-10 733if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo, 05752523 Jarno Rajahalme 2016-03-10 734 hooknum)) 05752523 Jarno Rajahalme 2016-03-10 735err = NF_DROP; 05752523 Jarno Rajahalme 2016-03-10 736goto push; 99b7248e Arnd Bergmann 2016-03-18 737} else if (IS_ENABLED(CONFIG_NF_NAT_IPV6) && 99b7248e Arnd Bergmann 2016-03-18 738 skb->protocol == htons(ETH_P_IPV6)) { 05752523 Jarno Rajahalme 2016-03-10 739__be16 frag_off; 05752523 Jarno Rajahalme 2016-03-10 740u8 nexthdr = ipv6_hdr(skb)->nexthdr; 05752523 Jarno Rajahalme 2016-03-10 741int hdrlen = ipv6_skip_exthdr(skb, 05752523 Jarno Rajahalme 2016-03-10 742 sizeof(struct ipv6hdr), 05752523
Re: [PATCH WIP nf-next] netfilter: nft_ct: add ct timeout support
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.16-rc7] [cannot apply to nf-next/master next-20180329] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nft_ct-add-ct-timeout-support/20180401-070944 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: x86_64-rhel (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): In file included from include/linux/kernel.h:10:0, from net//netfilter/nft_ct.c:12: net//netfilter/nft_ct.c: In function 'ctnl_timeout_parse_policy': net//netfilter/nft_ct.c:743:22: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? if (likely(l4proto->ctnl_timeout.nlattr_to_obj)) { ^ include/linux/compiler.h:76:40: note: in definition of macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^ net//netfilter/nft_ct.c:744:30: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max + 1]; ^~~~ get_timeouts net//netfilter/nft_ct.c:746:39: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = nla_parse_nested(tb, l4proto->ctnl_timeout.nlattr_max, ^~~~ get_timeouts net//netfilter/nft_ct.c:747:27: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? attr, l4proto->ctnl_timeout.nla_policy, ^~~~ get_timeouts net//netfilter/nft_ct.c:752:18: error: 'const struct nf_conntrack_l4proto' has no member named 'ctnl_timeout'; did you mean 'get_timeouts'? ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeouts); ^~~~ get_timeouts net//netfilter/nft_ct.c:744:18: warning: unused variable 'tb' [-Wunused-variable] struct nlattr *tb[l4proto->ctnl_timeout.nlattr_max + 1]; ^~ net//netfilter/nft_ct.c: In function 'nft_ct_timeout_obj_init': >> net//netfilter/nft_ct.c:782:28: error: 'struct net' has no member named >> 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? INIT_LIST_HEAD(>net->nfct_timeout_list); ^ nfnl_acct_list In file included from net//netfilter/nft_ct.c:12:0: net//netfilter/nft_ct.c:783:42: error: 'struct net' has no member named 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/kernel.h:930:26: note: in definition of macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~ include/linux/list.h:377:2: note: in expansion of macro 'list_entry' list_entry((ptr)->next, type, member) ^~ include/linux/list.h:464:13: note: in expansion of macro 'list_first_entry' for (pos = list_first_entry(head, typeof(*pos), member); \ ^~~~ net//netfilter/nft_ct.c:783:2: note: in expansion of macro 'list_for_each_entry' list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^~~ In file included from include/linux/kernel.h:10:0, from net//netfilter/nft_ct.c:12: net//netfilter/nft_ct.c:783:42: error: 'struct net' has no member named 'nfct_timeout_list'; did you mean 'nfnl_acct_list'? list_for_each_entry(timeout, >net->nfct_timeout_list, head) { ^ include/linux/compiler.h:316:19: note: in definition of macro '__compiletime_assert' bool __cond = !(condition);\ ^ include/linux/compiler.h:339:2: note: in expansion of macro '_compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ^~~ include/linux/build_bug.h:45:37: note: in expansion of macro 'compiletime_assert' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^~ include/linux/kernel.h:931:2: note: in expansion of macro 'BUILD_BUG_ON_MSG' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^~~~
Re: [PATCH nf-next v2] netfilter: nf_osf implementation: nf_osf_ttl() and nf_osf_match()
Hi Fernando, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/netfilter-nf_osf-implementation-nf_osf_ttl-and-nf_osf_match/20180331-225302 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: i386-tinyconfig (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): >> ./usr/include/linux/netfilter/xt_osf.h:26: included file >> 'linux/netfilter/nf_osf.h' is not exported --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH nf-next] nf_osf implementation: nf_osf_ttl() and nf_osf_match()
Hi Fernando, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf-next/master] url: https://github.com/0day-ci/linux/commits/Fernando-Fernandez-Mancera/nf_osf-implementation-nf_osf_ttl-and-nf_osf_match/20180328-045714 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master config: x86_64-rhel (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): >> ./usr/include/linux/netfilter/nf_osf.h:19: found __[us]{8,16,32,64} type >> without #include -- >> ERROR: "nf_osf_match" [net/netfilter/xt_osf.ko] undefined! --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[RFC PATCH] netfilter: nf_tables: nf_tables_allow_nat_conflict() can be static
Fixes: 301c9cd2848d ("netfilter: nf_tables: permit second nat hook if colliding hook is going away") Signed-off-by: Fengguang Wu--- nf_tables_api.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 6923922..d59cc21 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -89,8 +89,8 @@ static void nft_trans_destroy(struct nft_trans *trans) * Either transaction is aborted (new/colliding hook is removed), or * transaction is committed (old hook is removed). */ -bool nf_tables_allow_nat_conflict(const struct net *net, - const struct nf_hook_ops *ops) +static bool nf_tables_allow_nat_conflict(const struct net *net, +const struct nf_hook_ops *ops) { const struct nft_trans *trans; bool ret = false; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf] netfilter: nf_tables: permit second nat hook if colliding hook is going away
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on v4.16-rc4] [also build test WARNING on next-20180319] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-nf_tables-permit-second-nat-hook-if-colliding-hook-is-going-away/20180319-161221 reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/netfilter/nf_tables_api.c:92:6: sparse: symbol >> 'nf_tables_allow_nat_conflict' was not declared. Should it be static? net/netfilter/nf_tables_api.c:1242:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1242:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1242:31:got void * net/netfilter/nf_tables_api.c:1245:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1245:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1245:31:got void * net/netfilter/nf_tables_api.c:1249:31: sparse: incorrect type in return expression (different address spaces) @@expected struct nft_stats [noderef] * @@got sn:3>* @@ net/netfilter/nf_tables_api.c:1249:31:expected struct nft_stats [noderef] * net/netfilter/nf_tables_api.c:1249:31:got void * net/netfilter/nf_tables_api.c:1272:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1272:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1526:23: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats *stats @@got struct nft_stats struct nft_stats *stats @@ net/netfilter/nf_tables_api.c:1534:29: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:1538:38: sparse: incorrect type in assignment (different address spaces) @@expected struct nft_stats [noderef] *stats @@got [noderef] *stats @@ net/netfilter/nf_tables_api.c:1552:37: sparse: incorrect type in argument 1 (different address spaces) @@expected void [noderef] *__pdata @@ got [noderef] *__pdata @@ net/netfilter/nf_tables_api.c:4393:19: sparse: symbol 'nf_tables_obj_lookup_byhandle' was not declared. Should it be static? net/netfilter/nf_tables_api.c:4422:41: sparse: Variable length array is used. net/netfilter/nf_tables_api.c:4915:22: sparse: symbol 'nf_tables_flowtable_lookup_byhandle' was not declared. Should it be static? Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 7/24] net/netfilter/x_tables.c:797:3: error: implicit declaration of function 'verdict_ok'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 16ac8a76bb641919747e8dd64d29890464df5c58 commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables: check standard verdicts in core config: i386-randconfig-b0-03061207 (attached as .config) compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4 reproduce: git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/x_tables.c: In function 'xt_check_entry_offsets': >> net/netfilter/x_tables.c:797:3: error: implicit declaration of function >> 'verdict_ok' [-Werror=implicit-function-declaration] if (!verdict_ok(st->verdict)) ^ cc1: some warnings being treated as errors vim +/verdict_ok +797 net/netfilter/x_tables.c 724 725 /** 726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry 727 * 728 * @base: pointer to arp/ip/ip6t_entry 729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems 730 * @target_offset: the arp/ip/ip6_t->target_offset 731 * @next_offset: the arp/ip/ip6_t->next_offset 732 * 733 * validates that target_offset and next_offset are sane and that all 734 * match sizes (if any) align with the target offset. 735 * 736 * This function does not validate the targets or matches themselves, it 737 * only tests that all the offsets and sizes are correct, that all 738 * match structures are aligned, and that the last structure ends where 739 * the target structure begins. 740 * 741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version. 742 * 743 * The arp/ip/ip6t_entry structure @base must have passed following tests: 744 * - it must point to a valid memory location 745 * - base to base + next_offset must be accessible, i.e. not exceed allocated 746 * length. 747 * 748 * A well-formed entry looks like this: 749 * 750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata] ip(6)t_entry 751 * e->elems[]-' | | 752 *matchsize | | 753 *matchsize | | 754 * | | 755 * target_offset-' | 756 * next_offset---' 757 * 758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct. 759 * This is where matches (if any) and the target reside. 760 * target_offset: beginning of target. 761 * next_offset: start of the next rule; also: size of this rule. 762 * Since targets have a minimum size, target_offset + minlen <= next_offset. 763 * 764 * Every match stores its size, sum of sizes must not exceed target_offset. 765 * 766 * Return: 0 on success, negative errno on failure. 767 */ 768 int xt_check_entry_offsets(const void *base, 769 const char *elems, 770 unsigned int target_offset, 771 unsigned int next_offset) 772 { 773 long size_of_base_struct = elems - (const char *)base; 774 const struct xt_entry_target *t; 775 const char *e = base; 776 777 /* target start is within the ip/ip6/arpt_entry struct */ 778 if (target_offset < size_of_base_struct) 779 return -EINVAL; 780 781 if (target_offset + sizeof(*t) > next_offset) 782 return -EINVAL; 783 784 t = (void *)(e + target_offset); 785 if (t->u.target_size < sizeof(*t)) 786 return -EINVAL; 787 788 if (target_offset + t->u.target_size > next_offset) 789 return -EINVAL; 790 791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) { 792 const struct xt_standard_target *st = (const void *)t; 793 794 if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset) 795 return -EINVAL; 796 > 797 if (!verdict_ok(st->verdict)) 798 return -EINVAL; 799 } 800 801 return xt_check_entry_match(elems, base + target_offset, 802 __alignof__(struct xt_entry_match)); 803 } 804 EXPORT_SYMBOL(xt_check_entry_offsets); 805 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 8/24] net/netfilter/x_tables.c:819:8: error: implicit declaration of function 'error_tg_ok'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 16ac8a76bb641919747e8dd64d29890464df5c58 commit: 472ebdcd15ebdb8ebe20474ef1ce09abcb241e7d [8/24] netfilter: x_tables: check error target size too config: alpha-defconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 472ebdcd15ebdb8ebe20474ef1ce09abcb241e7d # save the attached .config to linux build tree make.cross ARCH=alpha All errors (new ones prefixed by >>): net/netfilter/x_tables.c: In function 'xt_check_entry_offsets': net/netfilter/x_tables.c:814:8: error: implicit declaration of function 'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration] if (!verdict_ok(st->verdict)) ^~ vprintk >> net/netfilter/x_tables.c:819:8: error: implicit declaration of function >> 'error_tg_ok' [-Werror=implicit-function-declaration] if (!error_tg_ok(t->u.target_size, sizeof(*et), ^~~ cc1: some warnings being treated as errors vim +/error_tg_ok +819 net/netfilter/x_tables.c 741 742 /** 743 * xt_check_entry_offsets - validate arp/ip/ip6t_entry 744 * 745 * @base: pointer to arp/ip/ip6t_entry 746 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems 747 * @target_offset: the arp/ip/ip6_t->target_offset 748 * @next_offset: the arp/ip/ip6_t->next_offset 749 * 750 * validates that target_offset and next_offset are sane and that all 751 * match sizes (if any) align with the target offset. 752 * 753 * This function does not validate the targets or matches themselves, it 754 * only tests that all the offsets and sizes are correct, that all 755 * match structures are aligned, and that the last structure ends where 756 * the target structure begins. 757 * 758 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version. 759 * 760 * The arp/ip/ip6t_entry structure @base must have passed following tests: 761 * - it must point to a valid memory location 762 * - base to base + next_offset must be accessible, i.e. not exceed allocated 763 * length. 764 * 765 * A well-formed entry looks like this: 766 * 767 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata] ip(6)t_entry 768 * e->elems[]-' | | 769 *matchsize | | 770 *matchsize | | 771 * | | 772 * target_offset-' | 773 * next_offset---' 774 * 775 * elems[]: flexible array member at end of ip(6)/arpt_entry struct. 776 * This is where matches (if any) and the target reside. 777 * target_offset: beginning of target. 778 * next_offset: start of the next rule; also: size of this rule. 779 * Since targets have a minimum size, target_offset + minlen <= next_offset. 780 * 781 * Every match stores its size, sum of sizes must not exceed target_offset. 782 * 783 * Return: 0 on success, negative errno on failure. 784 */ 785 int xt_check_entry_offsets(const void *base, 786 const char *elems, 787 unsigned int target_offset, 788 unsigned int next_offset) 789 { 790 long size_of_base_struct = elems - (const char *)base; 791 const struct xt_entry_target *t; 792 const char *e = base; 793 794 /* target start is within the ip/ip6/arpt_entry struct */ 795 if (target_offset < size_of_base_struct) 796 return -EINVAL; 797 798 if (target_offset + sizeof(*t) > next_offset) 799 return -EINVAL; 800 801 t = (void *)(e + target_offset); 802 if (t->u.target_size < sizeof(*t)) 803 return -EINVAL; 804 805 if (target_offset + t->u.target_size > next_offset) 806 return -EINVAL; 807 808 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) { 809 const struct xt_standard_target *st = (const void *)t; 810 811 if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset) 812 return -EINVAL; 813 > 814 if (!verdict_ok(st->verdict)) 815 return -EINVAL; 816 } else if (strcmp(t->u.user.name, XT_ERROR_TARGET) == 0) {
[nf-next:master 7/24] net/netfilter/x_tables.c:797:8: error: implicit declaration of function 'verdict_ok'; did you mean 'vprintk'?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 16ac8a76bb641919747e8dd64d29890464df5c58 commit: 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 [7/24] netfilter: x_tables: check standard verdicts in core config: alpha-defconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 07a9da51b4b6aece8bc71e0b1b601fc4c3eb8b64 # save the attached .config to linux build tree make.cross ARCH=alpha All errors (new ones prefixed by >>): net/netfilter/x_tables.c: In function 'xt_check_entry_offsets': >> net/netfilter/x_tables.c:797:8: error: implicit declaration of function >> 'verdict_ok'; did you mean 'vprintk'? [-Werror=implicit-function-declaration] if (!verdict_ok(st->verdict)) ^~ vprintk cc1: some warnings being treated as errors vim +797 net/netfilter/x_tables.c 724 725 /** 726 * xt_check_entry_offsets - validate arp/ip/ip6t_entry 727 * 728 * @base: pointer to arp/ip/ip6t_entry 729 * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems 730 * @target_offset: the arp/ip/ip6_t->target_offset 731 * @next_offset: the arp/ip/ip6_t->next_offset 732 * 733 * validates that target_offset and next_offset are sane and that all 734 * match sizes (if any) align with the target offset. 735 * 736 * This function does not validate the targets or matches themselves, it 737 * only tests that all the offsets and sizes are correct, that all 738 * match structures are aligned, and that the last structure ends where 739 * the target structure begins. 740 * 741 * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version. 742 * 743 * The arp/ip/ip6t_entry structure @base must have passed following tests: 744 * - it must point to a valid memory location 745 * - base to base + next_offset must be accessible, i.e. not exceed allocated 746 * length. 747 * 748 * A well-formed entry looks like this: 749 * 750 * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata] ip(6)t_entry 751 * e->elems[]-' | | 752 *matchsize | | 753 *matchsize | | 754 * | | 755 * target_offset-' | 756 * next_offset---' 757 * 758 * elems[]: flexible array member at end of ip(6)/arpt_entry struct. 759 * This is where matches (if any) and the target reside. 760 * target_offset: beginning of target. 761 * next_offset: start of the next rule; also: size of this rule. 762 * Since targets have a minimum size, target_offset + minlen <= next_offset. 763 * 764 * Every match stores its size, sum of sizes must not exceed target_offset. 765 * 766 * Return: 0 on success, negative errno on failure. 767 */ 768 int xt_check_entry_offsets(const void *base, 769 const char *elems, 770 unsigned int target_offset, 771 unsigned int next_offset) 772 { 773 long size_of_base_struct = elems - (const char *)base; 774 const struct xt_entry_target *t; 775 const char *e = base; 776 777 /* target start is within the ip/ip6/arpt_entry struct */ 778 if (target_offset < size_of_base_struct) 779 return -EINVAL; 780 781 if (target_offset + sizeof(*t) > next_offset) 782 return -EINVAL; 783 784 t = (void *)(e + target_offset); 785 if (t->u.target_size < sizeof(*t)) 786 return -EINVAL; 787 788 if (target_offset + t->u.target_size > next_offset) 789 return -EINVAL; 790 791 if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0) { 792 const struct xt_standard_target *st = (const void *)t; 793 794 if (XT_ALIGN(target_offset + sizeof(*st)) != next_offset) 795 return -EINVAL; 796 > 797 if (!verdict_ok(st->verdict)) 798 return -EINVAL; 799 } 800 801 return xt_check_entry_match(elems, base + target_offset, 802 __alignof__(struct xt_entry_match)); 803 } 804 EXPORT_SYMBOL(xt_check_entry_offsets); 805 --- 0-DAY kernel test infrastructure
Re: [PATCH nf 1/2] netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
Hi Florian, I love your patch! Perhaps something to improve: [auto build test WARNING on nf/master] url: https://github.com/0day-ci/linux/commits/Florian-Westphal/netfilter-ipt_CLUSTERIP-two-more-fixes/20180219-090236 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> include/linux/rculist.h:130:25: sparse: context imbalance in >> 'clusterip_tg_check' - unexpected unlock include/linux/rculist.h:130:25: sparse: context imbalance in 'clusterip_tg_destroy' - unexpected unlock vim +/clusterip_tg_check +130 include/linux/rculist.h 82524746 Franck Bui-Huu 2008-05-12 103 82524746 Franck Bui-Huu 2008-05-12 104 /** 82524746 Franck Bui-Huu 2008-05-12 105 * list_del_rcu - deletes entry from list without re-initialization 82524746 Franck Bui-Huu 2008-05-12 106 * @entry: the element to delete from the list. 82524746 Franck Bui-Huu 2008-05-12 107 * 82524746 Franck Bui-Huu 2008-05-12 108 * Note: list_empty() on entry does not return true after this, 82524746 Franck Bui-Huu 2008-05-12 109 * the entry is in an undefined state. It is useful for RCU based 82524746 Franck Bui-Huu 2008-05-12 110 * lockfree traversal. 82524746 Franck Bui-Huu 2008-05-12 111 * 82524746 Franck Bui-Huu 2008-05-12 112 * In particular, it means that we can not poison the forward 82524746 Franck Bui-Huu 2008-05-12 113 * pointers that may still be used for walking the list. 82524746 Franck Bui-Huu 2008-05-12 114 * 82524746 Franck Bui-Huu 2008-05-12 115 * The caller must take whatever precautions are necessary 82524746 Franck Bui-Huu 2008-05-12 116 * (such as holding appropriate locks) to avoid racing 82524746 Franck Bui-Huu 2008-05-12 117 * with another list-mutation primitive, such as list_del_rcu() 82524746 Franck Bui-Huu 2008-05-12 118 * or list_add_rcu(), running on this same list. 82524746 Franck Bui-Huu 2008-05-12 119 * However, it is perfectly legal to run concurrently with 82524746 Franck Bui-Huu 2008-05-12 120 * the _rcu list-traversal primitives, such as 82524746 Franck Bui-Huu 2008-05-12 121 * list_for_each_entry_rcu(). 82524746 Franck Bui-Huu 2008-05-12 122 * 82524746 Franck Bui-Huu 2008-05-12 123 * Note that the caller is not permitted to immediately free 82524746 Franck Bui-Huu 2008-05-12 124 * the newly deleted entry. Instead, either synchronize_rcu() 82524746 Franck Bui-Huu 2008-05-12 125 * or call_rcu() must be used to defer freeing until an RCU 82524746 Franck Bui-Huu 2008-05-12 126 * grace period has elapsed. 82524746 Franck Bui-Huu 2008-05-12 127 */ 82524746 Franck Bui-Huu 2008-05-12 128 static inline void list_del_rcu(struct list_head *entry) 82524746 Franck Bui-Huu 2008-05-12 129 { 559f9bad Dave Jones 2012-03-14 @130 __list_del_entry(entry); 82524746 Franck Bui-Huu 2008-05-12 131 entry->prev = LIST_POISON2; 82524746 Franck Bui-Huu 2008-05-12 132 } 82524746 Franck Bui-Huu 2008-05-12 133 :: The code at line 130 was first introduced by commit :: 559f9badd11ddf399f88b18b4c0f110fd511ae53 rcu: List-debug variants of rcu list routines. :: TO: Dave Jones:: CC: Paul E. McKenney --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf:master 1/9] arch/x86/tools/insn_decoder_test: warning: ffffffff817c07c3: 0f ff e9 ud0 %ecx,%ebp
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master head: b408c5b04f82fe4e20bceb8e4f219453d4f21f02 commit: 0537250fdc6c876ed4cbbe874c739aebef493ee2 [1/9] netfilter: x_tables: make allocation less aggressive config: x86_64-rhel-7.2 (attached as .config) compiler: gcc-7 (Debian 7.3.0-1) 7.3.0 reproduce: git checkout 0537250fdc6c876ed4cbbe874c739aebef493ee2 # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817aed81: 0f ff c3 ud0%ebx,%eax arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817aedb1: 0f ff c3 ud0%ebx,%eax arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817af95b: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b03d7: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b050c: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b0dcf: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b0e20: 0f ff e9 ud0%ecx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2b67: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2b91: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2bc7: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2bf1: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2c2f: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2c61: 0f ff eb ud0%ebx,%ebp arch/x86/tools/insn_decoder_test: warning: objdump says 3 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test: warning: 817b2d4d: 0f ff 48 8d ud0-0x73(%rax),%ecx arch/x86/tools/insn_decoder_test: warning: objdump says 4 bytes, but insn_get_length() says 2 arch/x86/tools/insn_decoder_test: warning: Found an x86 instruction decoder bug, please report this. arch/x86/tools/insn_decoder_test:
[nf:flow-offload-hw-v2 6/6] net/netfilter/nf_flow_table_inet.o:undefined reference to `nf_flow_table_init'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git flow-offload-hw-v2 head: d2a66b6aae8b1294d8cb550520485eeb03fa1619 commit: d2a66b6aae8b1294d8cb550520485eeb03fa1619 [6/6] netfilter: nf_flow_table: add hardware offload support config: sparc64-allyesconfig (attached as .config) compiler: sparc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout d2a66b6aae8b1294d8cb550520485eeb03fa1619 # save the attached .config to linux build tree make.cross ARCH=sparc64 All errors (new ones prefixed by >>): `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o `.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o >> net/netfilter/nf_flow_table_inet.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv4/netfilter/nf_flow_table_ipv4.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv6/netfilter/nf_flow_table_ipv6.o:(.data+0x20): undefined reference to >> `nf_flow_table_init' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf:flow-offload-hw-v2 6/6] net/netfilter/nf_flow_table_inet.o:undefined reference to `nf_flow_table_init'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git flow-offload-hw-v2 head: d2a66b6aae8b1294d8cb550520485eeb03fa1619 commit: d2a66b6aae8b1294d8cb550520485eeb03fa1619 [6/6] netfilter: nf_flow_table: add hardware offload support config: alpha-allyesconfig (attached as .config) compiler: alpha-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout d2a66b6aae8b1294d8cb550520485eeb03fa1619 # save the attached .config to linux build tree make.cross ARCH=alpha All errors (new ones prefixed by >>): >> net/netfilter/nf_flow_table_inet.o:(.data.rel+0x20): undefined reference to >> `nf_flow_table_init' >> net/ipv4/netfilter/nf_flow_table_ipv4.o:(.data.rel+0x20): undefined >> reference to `nf_flow_table_init' >> net/ipv6/netfilter/nf_flow_table_ipv6.o:(.data.rel+0x20): undefined >> reference to `nf_flow_table_init' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:master 27/32] net/netfilter/nf_tables_api.c:4331:19: sparse: symbol 'nf_tables_obj_lookup_byhandle' was not declared. Should it be static?
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: e55311665286ab2744295575948c2b08dc001bf3 commit: 3ecbfd65f50e5ff9c538c1bfa3356ef52cc66586 [27/32] netfilter: nf_tables: allocate handle and delete objects via handle reproduce: # apt-get install sparse git checkout 3ecbfd65f50e5ff9c538c1bfa3356ef52cc66586 make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) net/netfilter/nf_tables_api.c:1180:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1180:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1180:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1183:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1183:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1183:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1187:31: sparse: incorrect type in return expression (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1187:31: expected struct nft_stats net/netfilter/nf_tables_api.c:1187:31: got void COPYING CREDITS Documentation Kbuild Kconfig MAINTAINERS Makefile README arch block certs crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools usr virt net/netfilter/nf_tables_api.c:1210:28: sparse: cast between address spaces (->) net/netfilter/nf_tables_api.c:1210:28: sparse: incompatible types in comparison expression (different address spaces) net/netfilter/nf_tables_api.c:1464:23: sparse: incorrect type in assignment (different address spaces) @@ expected struct nft_stats @@ got struct nft_stats struct nft_stats @@ net/netfilter/nf_tables_api.c:1472:29: sparse: incorrect type in argument 1 (different address spaces) @@ expected void @@ got @@ net/netfilter/nf_tables_api.c:1476:38: sparse: incorrect type in assignment (different address spaces) @@ expected struct nft_stats @@ got @@ net/netfilter/nf_tables_api.c:1490:37: sparse: incorrect type in argument 1 (different address spaces) @@ expected void @@ got @@ >> net/netfilter/nf_tables_api.c:4331:19: sparse: symbol >> 'nf_tables_obj_lookup_byhandle' was not declared. Should it be net/netfilter/nf_tables_api.c:4360:41: sparse: Variable length array is used. >> net/netfilter/nf_tables_api.c:4853:22: sparse: symbol >> 'nf_tables_flowtable_lookup_byhandle' was not declared. Should it be Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH nf-next] netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static
Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects via handle") Signed-off-by: Fengguang Wu--- nf_tables_api.c |8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 1addc401..b0129a0 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4328,9 +4328,9 @@ struct nft_object *nf_tables_obj_lookup(const struct nft_table *table, } EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); -struct nft_object *nf_tables_obj_lookup_byhandle(const struct nft_table *table, -const struct nlattr *nla, -u32 objtype, u8 genmask) +static struct nft_object *nf_tables_obj_lookup_byhandle(const struct nft_table *table, + const struct nlattr *nla, + u32 objtype, u8 genmask) { struct nft_object *obj; @@ -4850,7 +4850,7 @@ struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, } EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); -struct nft_flowtable * +static struct nft_flowtable * nf_tables_flowtable_lookup_byhandle(const struct nft_table *table, const struct nlattr *nla, u8 genmask) { -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:master 16/16] net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has no member named '_nfct'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 902d6a4c2a4f411582689e53fb101895ffe99028 commit: 902d6a4c2a4f411582689e53fb101895ffe99028 [16/16] netfilter: nf_defrag: Skip defrag if NOTRACK is set config: x86_64-randconfig-it0-01121151 (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 902d6a4c2a4f411582689e53fb101895ffe99028 # save the attached .config to linux build tree make ARCH=x86_64 All error/warnings (new ones prefixed by >>): In file included from include/uapi/linux/swab.h:6:0, from include/linux/swab.h:5, from include/uapi/linux/byteorder/little_endian.h:13, from include/linux/byteorder/little_endian.h:5, from arch/x86/include/uapi/asm/byteorder.h:5, from include/uapi/linux/ipv6.h:8, from include/linux/ipv6.h:5, from net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:10: net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: In function 'ipv6_defrag': >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has >> no member named '_nfct' if (skb->_nfct == IP_CT_UNTRACKED) ^ include/linux/compiler.h:58:30: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro >> 'if' if (skb->_nfct == IP_CT_UNTRACKED) ^~ >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has >> no member named '_nfct' if (skb->_nfct == IP_CT_UNTRACKED) ^ include/linux/compiler.h:58:42: note: in definition of macro '__trace_if' if (__builtin_constant_p(!!(cond)) ? !!(cond) : \ ^~~~ >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro >> 'if' if (skb->_nfct == IP_CT_UNTRACKED) ^~ >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:9: error: 'struct sk_buff' has >> no member named '_nfct' if (skb->_nfct == IP_CT_UNTRACKED) ^ include/linux/compiler.h:69:16: note: in definition of macro '__trace_if' __r = !!(cond); \ ^~~~ >> net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68:2: note: in expansion of macro >> 'if' if (skb->_nfct == IP_CT_UNTRACKED) ^~ net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: At top level: include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'strcpy' which is not static __f = { \ ^ include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if' #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) ^~ include/linux/string.h:425:2: note: in expansion of macro 'if' if (p_size == (size_t)-1 && q_size == (size_t)-1) ^~ include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'kmemdup' which is not static __f = { \ ^ include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if' #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) ^~ include/linux/string.h:415:2: note: in expansion of macro 'if' if (p_size < size) ^~ include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'kmemdup' which is not static __f = { \ ^ include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if' #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) ^~ include/linux/string.h:413:2: note: in expansion of macro 'if' if (__builtin_constant_p(size) && p_size < size) ^~ include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'memchr_inv' which is not static __f = { \ ^ include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if' #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) ^~ include/linux/string.h:404:2: note: in expansion of macro 'if' if (p_size < size) ^~ include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'memchr_inv' which is not static __f = { \ ^ include/linux/compiler.h:56:23: note: in expansion of macro '__trace_if' #define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) ) ^~ include/linux/string.h:402:2: note: in expansion of macro 'if' if (__builtin_constant_p(size) && p_size < size) ^~ include/linux/compiler.h:64:4: warning: '__f' is static but declared in inline function 'memchr' which is not static __f = { \ ^
[nf-next:master 16/16] WARNING: vmlinux.o(.data+0x1911f0): Section mismatch in reference from the variable packet_raw to the function .init.text:iptable_raw_table_init()
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master head: 902d6a4c2a4f411582689e53fb101895ffe99028 commit: 902d6a4c2a4f411582689e53fb101895ffe99028 [16/16] netfilter: nf_defrag: Skip defrag if NOTRACK is set config: x86_64-nfsroot (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 902d6a4c2a4f411582689e53fb101895ffe99028 # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): >> WARNING: vmlinux.o(.data+0x1911f0): Section mismatch in reference from the >> variable packet_raw to the function .init.text:iptable_raw_table_init() The variable packet_raw references the function __init iptable_raw_table_init() If the reference is valid then annotate the variable with or __refdata (see linux/init.h) or name the variable: --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.15-rc7 next-20180110] [cannot apply to nf-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: x86_64-rhel (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle': >> net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no >> member named 'handle' if (handle == table->handle && ^~ net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable': >> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared >> (first use in this function); did you mean 'NFTA_RULE_HANDLE'? if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL)) ^ NFTA_RULE_HANDLE net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is reported only once for each function it appears in vim +375 net//netfilter/nf_tables_api.c 368 369 static struct nft_table *__nft_table_lookup_byhandle(const struct nft_af_info *afi, 370 u64 handle, u8 genmask) 371 { 372 struct nft_table *table; 373 374 list_for_each_entry(table, >tables, list) { > 375 if (handle == table->handle && 376 nft_active_genmask(table, genmask)) 377 return table; 378 } 379 return NULL; 380 } 381 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
Hi Harsha, Thank you for the patch! Yet something to improve: [auto build test ERROR on nf/master] [also build test ERROR on v4.15-rc7 next-20180110] [cannot apply to nf-next/master] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master config: x86_64-randconfig-u0-0920 (attached as .config) compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle': net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no member named 'handle' if (handle == table->handle && ^ net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable': >> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared >> (first use in this function) if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL)) ^ net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is reported only once for each function it appears in vim +/NFTA_TABLE_HANDLE +890 net//netfilter/nf_tables_api.c 876 877 static int nf_tables_deltable(struct net *net, struct sock *nlsk, 878struct sk_buff *skb, const struct nlmsghdr *nlh, 879const struct nlattr * const nla[], 880struct netlink_ext_ack *extack) 881 { 882 const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 883 u8 genmask = nft_genmask_next(net); 884 struct nft_af_info *afi; 885 struct nft_table *table; 886 int family = nfmsg->nfgen_family; 887 struct nft_ctx ctx; 888 889 nft_ctx_init(, net, skb, nlh, NULL, NULL, NULL, nla); > 890 if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && > nla[NFTA_TABLE_HANDLE] == NULL)) 891 return nft_flush(, family); 892 893 afi = nf_tables_afinfo_lookup(net, family, false); 894 if (IS_ERR(afi)) 895 return PTR_ERR(afi); 896 if (nla[NFTA_TABLE_HANDLE]) 897 table = nf_tables_table_lookup_byhandle(afi, nla[NFTA_TABLE_HANDLE], genmask); 898 else 899 table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); 900 901 if (IS_ERR(table)) 902 return PTR_ERR(table); 903 904 if (nlh->nlmsg_flags & NLM_F_NONREC && 905 table->use > 0) 906 return -EBUSY; 907 908 ctx.afi = afi; 909 ctx.table = table; 910 911 return nft_flush_table(); 912 } 913 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[RFC PATCH nf-next] netfilter: nf_tables: nft_flow_offload_type can be static
Fixes: db2ff0f2f440 ("netfilter: nf_tables: flow offload expression") Signed-off-by: Fengguang Wu--- nft_flow_offload.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b7c7082..e7f16fe 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -176,7 +176,7 @@ static int nft_flow_offload_dump(struct sk_buff *skb, const struct nft_expr *exp return -1; } -struct nft_expr_type nft_flow_offload_type; +static struct nft_expr_type nft_flow_offload_type; static const struct nft_expr_ops nft_flow_offload_ops = { .type = _flow_offload_type, .size = NFT_EXPR_SIZE(sizeof(struct nft_flow_offload)), -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH V5 5/5] netfilter: nf_nat_snmp_basic: use asn1 decoder library
Hi Taehee, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] [also build test WARNING on v4.15-rc7 next-20180105] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Taehee-Yoo/netfilter-nf_nat_snmp_basic-remove-useless-comment/20180108-110506 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) >> net/ipv4/netfilter/nf_nat_snmp_basic_main.c:222:9: sparse: incompatible >> types in comparison expression (different address spaces) net/ipv4/netfilter/nf_nat_snmp_basic_main.c:229:9: sparse: incompatible types in comparison expression (different address spaces) vim +222 net/ipv4/netfilter/nf_nat_snmp_basic_main.c 218 219 static int __init nf_nat_snmp_basic_init(void) 220 { 221 BUG_ON(nf_nat_snmp_hook != NULL); > 222 RCU_INIT_POINTER(nf_nat_snmp_hook, help); 223 224 return nf_conntrack_helper_register(_trap_helper); 225 } 226 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:for-net-next4 37/40] net/netfilter/utils.c:60: undefined reference to `nf_ip_route'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next4 head: 9b68071a2526dae4aeae359916ce31698a64599f commit: 6c23627f164a73658e5d7d5032025e459bd0a485 [37/40] netfilter: move route indirection to struct nf_ipv6_ops config: i386-randconfig-a1-201752 (attached as .config) compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4 reproduce: git checkout 6c23627f164a73658e5d7d5032025e459bd0a485 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:37: undefined reference to `nf_ip_checksum_partial' net/netfilter/utils.o: In function `nf_route': >> net/netfilter/utils.c:60: undefined reference to `nf_ip_route' vim +60 net/netfilter/utils.c 5 6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 7 unsigned int dataoff, u_int8_t protocol, 8 unsigned short family) 9 { 10 const struct nf_ipv6_ops *v6ops; 11 __sum16 csum = 0; 12 13 switch (family) { 14 case AF_INET: > 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 16 break; 17 case AF_INET6: 18 v6ops = rcu_dereference(nf_ipv6_ops); 19 if (v6ops) 20 csum = v6ops->checksum(skb, hook, dataoff, protocol); 21 break; 22 } 23 24 return csum; 25 } 26 EXPORT_SYMBOL_GPL(nf_checksum); 27 28 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 29 unsigned int dataoff, unsigned int len, 30 u_int8_t protocol, unsigned short family) 31 { 32 const struct nf_ipv6_ops *v6ops; 33 __sum16 csum = 0; 34 35 switch (family) { 36 case AF_INET: 37 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 38protocol); 39 break; 40 case AF_INET6: 41 v6ops = rcu_dereference(nf_ipv6_ops); 42 if (v6ops) 43 csum = v6ops->checksum_partial(skb, hook, dataoff, len, 44 protocol); 45 break; 46 } 47 48 return csum; 49 } 50 EXPORT_SYMBOL_GPL(nf_checksum_partial); 51 52 int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, 53 bool strict, unsigned short family) 54 { 55 const struct nf_ipv6_ops *v6ops; 56 int ret = 0; 57 58 switch (family) { 59 case AF_INET: > 60 ret = nf_ip_route(net, dst, fl, strict); --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
Re: [PATCH V4 5/5] netfilter: nf_nat_snmp_basic: use asn1 decoder library
Hi Taehee, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] [also build test WARNING on v4.15-rc5 next-20171222] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Taehee-Yoo/netfilter-nf_nat_snmp_basic-use-ASN-1-decoder/20171226-091030 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master reproduce: # apt-get install sparse make ARCH=x86_64 allmodconfig make C=1 CF=-D__CHECK_ENDIAN__ sparse warnings: (new ones prefixed by >>) Please review and possibly fold the followup patch. --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[RFC PATCH] netfilter: nf_nat_snmp_basic: snmp_version() can be static
Fixes: 499b2f89cea8 ("netfilter: nf_nat_snmp_basic: use asn1 decoder library") Signed-off-by: Fengguang Wu--- nf_nat_snmp_basic_main.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic_main.c b/net/ipv4/netfilter/nf_nat_snmp_basic_main.c index b6e2770..b16d3ad 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic_main.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic_main.c @@ -101,8 +101,8 @@ static void fast_csum(struct snmp_ctx *ctx, unsigned char offset) ~csum_unfold(*ctx->check))); } -int snmp_version(void *context, size_t hdrlen, unsigned char tag, -const void *data, size_t datalen) +static int snmp_version(void *context, size_t hdrlen, unsigned char tag, + const void *data, size_t datalen) { if (*(unsigned char *)data > 1) return -ENOTSUPP; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[nf-next:for-net-next3 38/40] net/netfilter/utils.c:56: undefined reference to `nf_ip6_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: git checkout 63cfa51ca37a4b4fb6b3d994c9c775920457252e # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_reroute': >> net/netfilter/utils.c:56: undefined reference to `nf_ip6_reroute' net/netfilter/utils.o: In function `nf_saveroute': net/netfilter/utils.c:70: undefined reference to `nf_ip6_saveroute' vim +56 net/netfilter/utils.c 6 7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 8 unsigned int dataoff, u_int8_t protocol, 9 unsigned short family) 10 { 11 __sum16 csum = 0; 12 13 switch (family) { 14 case AF_INET: 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 16 break; 17 case AF_INET6: > 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 19 break; 20 } 21 22 return csum; 23 } 24 EXPORT_SYMBOL_GPL(nf_checksum); 25 26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 27 unsigned int dataoff, unsigned int len, 28 u_int8_t protocol, unsigned short family) 29 { 30 __sum16 csum = 0; 31 32 switch (family) { 33 case AF_INET: 34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 35protocol); 36 break; 37 case AF_INET6: 38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len, 39 protocol); 40 break; 41 } 42 43 return csum; 44 } 45 EXPORT_SYMBOL_GPL(nf_checksum_partial); 46 47 int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry) 48 { 49 int ret = 0; 50 51 switch (entry->state.pf) { 52 case AF_INET: 53 ret = nf_ip_reroute(skb, entry); 54 break; 55 case AF_INET6: > 56 ret = nf_ip6_reroute(skb, entry); 57 break; 58 } 59 60 return ret; 61 } 62 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 38/40] (.text.nf_reroute+0x58): undefined reference to `nf_ip6_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 63cfa51ca37a4b4fb6b3d994c9c775920457252e [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as .config) compiler: hppa-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout 63cfa51ca37a4b4fb6b3d994c9c775920457252e # save the attached .config to linux build tree make.cross ARCH=parisc All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': (.text.nf_checksum+0x78): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': (.text.nf_checksum_partial+0x88): undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_reroute': >> (.text.nf_reroute+0x58): undefined reference to `nf_ip6_reroute' net/netfilter/utils.o: In function `nf_saveroute': (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 36/40] net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: git checkout e58c72119d0fa35020c144317509fe9494c441bd # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_saveroute': >> net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute' vim +54 net/netfilter/utils.c 6 7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 8 unsigned int dataoff, u_int8_t protocol, 9 unsigned short family) 10 { 11 __sum16 csum = 0; 12 13 switch (family) { 14 case AF_INET: 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 16 break; 17 case AF_INET6: > 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 19 break; 20 } 21 22 return csum; 23 } 24 EXPORT_SYMBOL_GPL(nf_checksum); 25 26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 27 unsigned int dataoff, unsigned int len, 28 u_int8_t protocol, unsigned short family) 29 { 30 __sum16 csum = 0; 31 32 switch (family) { 33 case AF_INET: 34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 35protocol); 36 break; 37 case AF_INET6: 38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len, 39 protocol); 40 break; 41 } 42 43 return csum; 44 } 45 EXPORT_SYMBOL_GPL(nf_checksum_partial); 46 47 void nf_saveroute(const struct sk_buff *skb, struct nf_queue_entry *entry) 48 { 49 switch (entry->state.pf) { 50 case AF_INET: 51 nf_ip_saveroute(skb, entry); 52 break; 53 case AF_INET6: > 54 nf_ip6_saveroute(skb, entry); --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 36/40] (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: e58c72119d0fa35020c144317509fe9494c441bd [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: parisc-allmodconfig (attached as .config) compiler: hppa-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross git checkout e58c72119d0fa35020c144317509fe9494c441bd # save the attached .config to linux build tree make.cross ARCH=parisc All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': (.text.nf_checksum+0x78): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': (.text.nf_checksum_partial+0x88): undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_saveroute': >> (.text.nf_saveroute+0x58): undefined reference to `nf_ip6_saveroute' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 35/40] utils.c:undefined reference to `nf_ip6_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 1033afac404a403b3ae982702061e7808b80e597 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': utils.c:(.text+0x35): undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': >> utils.c:(.text+0x88): undefined reference to `nf_ip6_checksum_partial' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 35/40] net/netfilter/utils.c:37: undefined reference to `nf_ip6_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 1033afac404a403b3ae982702061e7808b80e597 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: git checkout 1033afac404a403b3ae982702061e7808b80e597 # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': >> net/netfilter/utils.c:37: undefined reference to `nf_ip6_checksum_partial' vim +37 net/netfilter/utils.c 5 6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 7 unsigned int dataoff, u_int8_t protocol, 8 unsigned short family) 9 { 10 __sum16 csum = 0; 11 12 switch (family) { 13 case AF_INET: 14 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 15 break; 16 case AF_INET6: > 17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 18 break; 19 } 20 21 return csum; 22 } 23 EXPORT_SYMBOL_GPL(nf_checksum); 24 25 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 26 unsigned int dataoff, unsigned int len, 27 u_int8_t protocol, unsigned short family) 28 { 29 __sum16 csum = 0; 30 31 switch (family) { 32 case AF_INET: 33 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 34protocol); 35 break; 36 case AF_INET6: > 37 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len, --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 37/40] net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 4a61f6d1f4eddcb006e6d6ed1a90c81737c6dc0a [37/40] netfilter: remove route indirection in struct nf_afinfo config: i386-randconfig-a1-12171902 (attached as .config) compiler: gcc-4.9 (Debian 4.9.4-2) 4.9.4 reproduce: git checkout 4a61f6d1f4eddcb006e6d6ed1a90c81737c6dc0a # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:18: undefined reference to `nf_ip6_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:38: undefined reference to `nf_ip6_checksum_partial' net/netfilter/utils.o: In function `nf_saveroute': net/netfilter/utils.c:54: undefined reference to `nf_ip6_saveroute' net/netfilter/xt_addrtype.o: In function `match_lookup_rt6': >> net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route' >> net/netfilter/xt_addrtype.c:55: undefined reference to `nf_ip6_route' vim +55 net/netfilter/xt_addrtype.c 34 35 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) 36 static u32 match_lookup_rt6(struct net *net, const struct net_device *dev, 37 const struct in6_addr *addr, u16 mask) 38 { 39 const struct nf_ipv6_ops *v6ops; 40 struct flowi6 flow; 41 struct rt6_info *rt; 42 u32 ret = 0; 43 int route_err; 44 45 memset(, 0, sizeof(flow)); 46 flow.daddr = *addr; 47 if (dev) 48 flow.flowi6_oif = dev->ifindex; 49 50 if (dev && (mask & XT_ADDRTYPE_LOCAL)) { 51 v6ops = nf_get_ipv6_ops(); 52 if (v6ops && v6ops->chk_addr(net, addr, dev, true)) 53 ret = XT_ADDRTYPE_LOCAL; 54 } > 55 route_err = nf_ip6_route(net, (struct dst_entry **), 56 flowi6_to_flowi(), false); 57 if (route_err) 58 return XT_ADDRTYPE_UNREACHABLE; 59 60 if (rt->rt6i_flags & RTF_REJECT) 61 ret = XT_ADDRTYPE_UNREACHABLE; 62 63 if (dev == NULL && rt->rt6i_flags & RTF_LOCAL) 64 ret |= XT_ADDRTYPE_LOCAL; 65 if (ipv6_anycast_destination((struct dst_entry *)rt, addr)) 66 ret |= XT_ADDRTYPE_ANYCAST; 67 68 dst_release(>dst); 69 return ret; 70 } 71 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next2 38/40] net/netfilter/utils.c:53: undefined reference to `nf_ip_reroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717 [38/40] netfilter: remove reroute indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751 (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 56cd0e50caf4a1cb0fc743c53f3f7b3ad7a5f717 # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:34: undefined reference to `nf_ip_checksum_partial' net/netfilter/utils.o: In function `nf_reroute': >> net/netfilter/utils.c:53: undefined reference to `nf_ip_reroute' net/netfilter/utils.o: In function `nf_saveroute': net/netfilter/utils.c:67: undefined reference to `nf_ip_saveroute' vim +53 net/netfilter/utils.c 6 7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 8 unsigned int dataoff, u_int8_t protocol, 9 unsigned short family) 10 { 11 __sum16 csum = 0; 12 13 switch (family) { 14 case AF_INET: > 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 16 break; 17 case AF_INET6: 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 19 break; 20 } 21 22 return csum; 23 } 24 EXPORT_SYMBOL_GPL(nf_checksum); 25 26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 27 unsigned int dataoff, unsigned int len, 28 u_int8_t protocol, unsigned short family) 29 { 30 __sum16 csum = 0; 31 32 switch (family) { 33 case AF_INET: 34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 35protocol); 36 break; 37 case AF_INET6: 38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len, 39 protocol); 40 break; 41 } 42 43 return csum; 44 } 45 EXPORT_SYMBOL_GPL(nf_checksum_partial); 46 47 int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry) 48 { 49 int ret = 0; 50 51 switch (entry->state.pf) { 52 case AF_INET: > 53 ret = nf_ip_reroute(skb, entry); 54 break; 55 case AF_INET6: 56 ret = nf_ip6_reroute(skb, entry); 57 break; 58 } 59 60 return ret; 61 } 62 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 34/40] utils.c:undefined reference to `nf_ip6_checksum'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: i386-allmodconfig (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout 188efacae54f7b9f1421a238da93d5289a3704a0 # save the attached .config to linux build tree make ARCH=i386 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': >> utils.c:(.text+0x35): undefined reference to `nf_ip6_checksum' --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next3 34/40] net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next3 head: dfbb1c16489ca1b93e3f8aebc74d9229f1d87cc6 commit: 188efacae54f7b9f1421a238da93d5289a3704a0 [34/40] netfilter: remove checksum indirection in struct nf_afinfo config: x86_64-randconfig-s2-12200210 (attached as .config) compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026 reproduce: git checkout 188efacae54f7b9f1421a238da93d5289a3704a0 # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': >> net/netfilter/utils.c:17: undefined reference to `nf_ip6_checksum' vim +17 net/netfilter/utils.c 5 6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 7 unsigned int dataoff, u_int8_t protocol, 8 unsigned short family) 9 { 10 __sum16 csum = 0; 11 12 switch (family) { 13 case AF_INET: 14 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 15 break; 16 case AF_INET6: > 17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next2 36/40] net/netfilter/utils.c:51: undefined reference to `nf_ip_saveroute'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: d0f3d3b94e3a8765b0034127780d57f304af11fe [36/40] netfilter: remove saveroute indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751 (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout d0f3d3b94e3a8765b0034127780d57f304af11fe # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:15: undefined reference to `nf_ip_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': net/netfilter/utils.c:34: undefined reference to `nf_ip_checksum_partial' net/netfilter/utils.o: In function `nf_saveroute': >> net/netfilter/utils.c:51: undefined reference to `nf_ip_saveroute' vim +51 net/netfilter/utils.c 6 7 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 8 unsigned int dataoff, u_int8_t protocol, 9 unsigned short family) 10 { 11 __sum16 csum = 0; 12 13 switch (family) { 14 case AF_INET: > 15 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 16 break; 17 case AF_INET6: 18 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 19 break; 20 } 21 22 return csum; 23 } 24 EXPORT_SYMBOL_GPL(nf_checksum); 25 26 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 27 unsigned int dataoff, unsigned int len, 28 u_int8_t protocol, unsigned short family) 29 { 30 __sum16 csum = 0; 31 32 switch (family) { 33 case AF_INET: 34 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, 35protocol); 36 break; 37 case AF_INET6: 38 csum = nf_ip6_checksum_partial(skb, hook, dataoff, len, 39 protocol); 40 break; 41 } 42 43 return csum; 44 } 45 EXPORT_SYMBOL_GPL(nf_checksum_partial); 46 47 void nf_saveroute(const struct sk_buff *skb, struct nf_queue_entry *entry) 48 { 49 switch (entry->state.pf) { 50 case AF_INET: > 51 nf_ip_saveroute(skb, entry); --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip
[nf-next:for-net-next2 35/40] net/netfilter/utils.c:33: undefined reference to `nf_ip_checksum_partial'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git for-net-next2 head: 7c3f8641178fb63c1e970a23e3743e89fc92be81 commit: d0cdeba2fc5ef7f97bdcf5d31266a25802372009 [35/40] netfilter: remove checksum_partial indirection in struct nf_afinfo config: x86_64-randconfig-i0-201751 (attached as .config) compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025 reproduce: git checkout d0cdeba2fc5ef7f97bdcf5d31266a25802372009 # save the attached .config to linux build tree make ARCH=x86_64 All errors (new ones prefixed by >>): net/netfilter/utils.o: In function `nf_checksum': net/netfilter/utils.c:14: undefined reference to `nf_ip_checksum' net/netfilter/utils.o: In function `nf_checksum_partial': >> net/netfilter/utils.c:33: undefined reference to `nf_ip_checksum_partial' vim +33 net/netfilter/utils.c 5 6 __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, 7 unsigned int dataoff, u_int8_t protocol, 8 unsigned short family) 9 { 10 __sum16 csum = 0; 11 12 switch (family) { 13 case AF_INET: > 14 csum = nf_ip_checksum(skb, hook, dataoff, protocol); 15 break; 16 case AF_INET6: 17 csum = nf_ip6_checksum(skb, hook, dataoff, protocol); 18 break; 19 } 20 21 return csum; 22 } 23 EXPORT_SYMBOL_GPL(nf_checksum); 24 25 __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, 26 unsigned int dataoff, unsigned int len, 27 u_int8_t protocol, unsigned short family) 28 { 29 __sum16 csum = 0; 30 31 switch (family) { 32 case AF_INET: > 33 csum = nf_ip_checksum_partial(skb, hook, dataoff, len, --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: application/gzip