| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
There was macro rename in kernel with commit 203b42f73174 ("workqueue:
make deferrable delayed_work initializer names consistent") that renames
INIT_DELAYED_WORK_DEFERRABLE() to INIT_DEFERRABLE_WORK().
Fixes: 33f08da28324 ("netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This type of workqueue according to comment in <linux/workqueue.h> is
same as regular @system_wq when power efficiency scheduler options
disabled.
For old kernels where @system_power_efficient_wq is not available use
regular @system_wq to support ipset on kernels below 3.11.
Fixes: 33f08da28324 ("netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports")
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
| |
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure TCF_EM_IPSET defined and corresponds to current upstream value
if not defined in target kernel. You need iproute2 version that supports
em_ipset to communicate correctly. Include ip_set_compat.h after
pkt_cls.h to prevent TCF_EM_IPSET redefine error.
Detect skb->iif => skb->skb_iif rename after commit 8964be4a9a5c ("net:
rename skb->iif to skb->skb_iif").
Add dev_get_by_index_rcu() define pointing to __dev_get_by_index() to
build on RHEL6 kernels with explicit note that this may not work on all
architectures.
Always build em_ipset regardless of CONFIG_NET_EMATCH_IPSET option.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Since RHEL6 provides it as preprocessor define and does not provide
vlan_tx_tag_present(). Add defines in case of vlan_tx_tag_present()
isn't available to back tc_skb_protocol() to old behaviour before
commit d8b9605d2697 ("net: sched: fix skb->protocol use in case
of accelerated vlan path").
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support for EtherType other than ETH_P_8021Q for VLAN header introduced
with commit 86a9bad3ab6b ("net: vlan: add protocol argument to packet
tagging functions") in upstream kernel since v3.10.
To support build on older kernels check for ->vlan_proto presence in
@struct sk_buff and return htons(ETH_P_8021Q) when it is missing.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
|
|
|
|
|
|
| |
It was introduced with commit f6f3c437d09e ("sched: add cond_resched_rcu()
helper") since v3.11 upstream kernel.
To support building on older kernels add implementation to ip_set_compat.h.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
|
|
|
|
| |
synchronize_rcu_bh() checking
|
|
|
|
|
|
|
|
| |
Both functions are using exactly the same code, except the command value
passed to call_ad function.
Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are
introduced. The new commands makes possible to eliminate the getsockopt
operation (in iptables set/SET match/target) and thus use only netlink
communication between userspace and kernel for ipset. With the new
protocol version, userspace can exactly know which functionality is
supported by the running kernel.
Both the kernel and userspace is fully backward compatible.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Handle changes in struct xt_action_param and the new xt_family(),
xt_net() interfaces (reported by Jan Engelhardt).
|
|
|
|
|
|
|
| |
We must call nla_put_net64() because ipset uses net order in the netlink
communication.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
| |
devices
Backported from kernel tree.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
| |
As xt_action_param lives on the stack this does not bloat any
persistent data structures.
This is a first step in making netfilter code that needs to know
which network namespace it is executing in simpler.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tc code implicitly considers skb->protocol even in case of accelerated
vlan paths and expects vlan protocol type here. However, on rx path,
if the vlan header was already stripped, skb->protocol contains value
of next header. Similar situation is on tx path.
So for skbs that use skb->vlan_tci for tagging, use skb->vlan_proto instead.
Reported-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backports the patch "libnl: nla_put_net64():align on a 64-bit area" [1]
by Nicolas Dichtel <nicolas.dichtel@6wind.com>
* Since the nla_put_net64() API has been changed, therefore, the
ip_set_compat.h.in should provides the macro IPSET_NLA_PUT_NET64 that
point to the nla_put_net64() with appropriate number of arguments.
The build script should distinguish the API changes by detect for
the existence of nla_put_64bit() function in include/net/netlink.h.
This function was added in the same patches set and called by
the nla_put_be64() that called by nla_put_net64() respectively.
[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=e9bbe898cbe89b17ad3993c136aa13d0431cd537
Signed-off-by: Neutron Soutmun <neo.neutron@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
| |
The issue was reported by Mart Frauenlob.
|
|
|
|
| |
Fixes netfilter bugzilla id #1008
|
|
|
|
| |
Backport patch from Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
| |
|
|
|
|
|
| |
Nikolay Borisov reported that in 3.12.47 RCU_INIT_POINTER is redefined
in ip_set_compat.h.in due to not protecting it individually.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IP addresses are often stored in netlink attributes. Add generic functions
to do that.
For nla_put_in_addr, it would be nicer to pass struct in_addr but this is
not used universally throughout the kernel, in way too many places __be32 is
used to store IPv4 address.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Compatibility part added.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
right now we store this in the nf_bridge_info struct, accessible
via skb->nf_bridge. This patch prepares removal of this pointer from skb:
Instead of using skb->nf_bridge->x, we use helpers to obtain the in/out
device (or ifindexes).
Followup patches to netfilter will then allow nf_bridge_info to be
obtained by a call into the br_netfilter core, rather than keeping a
pointer to it in sk_buff.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
| |
|
|
|
|
|
| |
Sergey Popovich pointed out that {set,clear}_bit() operations
must be protected against instruction reordering.
|
|
|
|
|
| |
Try hard to keep the support of the 2.6.32 kernel tree and
simplify the code with self-referential macros.
|
| |
|
|
|
|
| |
list_last_entry is missing on CentOS7, reported by Ricardo Klein.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
It is available since v3.15-rc5.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| |
|
|
|
|
|
|
|
|
| |
Use rbtree_postorder_for_each_entry_safe() to destroy the rbtree instead
of opencoding an alternate postorder iteration that modifies the tree
Signed-off-by: Cody P Schafer <cody@linux.vnet.ibm.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
|
|
|
|
| |
Reported by Jan Engelhardt
|
| |
|
|
Instead the kernel source code is checked to verify the different
compatibility issues for the supported kernel releases.
This way hopefully backported features will be handled properly.
|