Commit 1e40d75e authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Extend nf_queue selftest to cover re-queueing, non-gso mode and
   delayed queueing, from Florian Westphal.

2) Clear skb->tstamp in IPVS forwarding path, from Julian Anastasov.

3) Provide netlink extended error reporting for EEXIST case.

4) Missing VLAN offload tag and proto in log target.
====================

Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents fdafed45 0d9826bc

include/net/netfilter/nf_log.h

+1 −0
Original line number Diff line number Diff line
@@ -108,6 +108,7 @@ int nf_log_dump_tcp_header(struct nf_log_buf *m, const struct sk_buff *skb, 
			   unsigned int logflags);

void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,

			    struct sock *sk);

void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb);

void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,

			       unsigned int hooknum, const struct sk_buff *skb,

			       const struct net_device *in,

net/ipv4/netfilter/nf_log_arp.c

+17 −2
Original line number Diff line number Diff line
@@ -43,16 +43,31 @@ static void dump_arp_packet(struct nf_log_buf *m, 
			    const struct nf_loginfo *info,

			    const struct sk_buff *skb, unsigned int nhoff)

{

	const struct arphdr *ah;

	struct arphdr _arph;

	const struct arppayload *ap;

	struct arppayload _arpp;

	const struct arphdr *ah;

	unsigned int logflags;

	struct arphdr _arph;



	ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);

	if (ah == NULL) {

		nf_log_buf_add(m, "TRUNCATED");

		return;

	}



	if (info->type == NF_LOG_TYPE_LOG)

		logflags = info->u.log.logflags;

	else

		logflags = NF_LOG_DEFAULT_MASK;



	if (logflags & NF_LOG_MACDECODE) {

		nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",

			       eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);

		nf_log_dump_vlan(m, skb);

		nf_log_buf_add(m, "MACPROTO=%04x ",

			       ntohs(eth_hdr(skb)->h_proto));

	}



	nf_log_buf_add(m, "ARP HTYPE=%d PTYPE=0x%04x OPCODE=%d",

		       ntohs(ah->ar_hrd), ntohs(ah->ar_pro), ntohs(ah->ar_op));

net/ipv4/netfilter/nf_log_ipv4.c

+4 −2
Original line number Diff line number Diff line
@@ -284,8 +284,10 @@ static void dump_ipv4_mac_header(struct nf_log_buf *m, 


	switch (dev->type) {

	case ARPHRD_ETHER:

		nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",

			       eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,

		nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",

			       eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);

		nf_log_dump_vlan(m, skb);

		nf_log_buf_add(m, "MACPROTO=%04x ",

			       ntohs(eth_hdr(skb)->h_proto));

		return;

	default:

net/ipv6/netfilter/nf_log_ipv6.c

+5 −3
Original line number Diff line number Diff line
@@ -297,8 +297,10 @@ static void dump_ipv6_mac_header(struct nf_log_buf *m, 


	switch (dev->type) {

	case ARPHRD_ETHER:

		nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",

		       eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,

		nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",

			       eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);

		nf_log_dump_vlan(m, skb);

		nf_log_buf_add(m, "MACPROTO=%04x ",

			       ntohs(eth_hdr(skb)->h_proto));

		return;

	default:

net/netfilter/ipvs/ip_vs_xmit.c

+6 −0
Original line number Diff line number Diff line
@@ -609,6 +609,8 @@ static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb, 
	if (ret == NF_ACCEPT) {

		nf_reset_ct(skb);

		skb_forward_csum(skb);

		if (skb->dev)

			skb->tstamp = 0;

	}

	return ret;

}
@@ -649,6 +651,8 @@ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb, 


	if (!local) {

		skb_forward_csum(skb);

		if (skb->dev)

			skb->tstamp = 0;

		NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb,

			NULL, skb_dst(skb)->dev, dst_output);

	} else
@@ -669,6 +673,8 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb, 
	if (!local) {

		ip_vs_drop_early_demux_sk(skb);

		skb_forward_csum(skb);

		if (skb->dev)

			skb->tstamp = 0;

		NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb,

			NULL, skb_dst(skb)->dev, dst_output);

	} else

CRA Git | Maintained and supported by SUSTech CRA and CCSE