Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c1e9e01d authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 



Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset container Netfilter/IPVS update for net-next:

1) Add UDP tunnel support for ICMP errors in IPVS.

Julian Anastasov says:

This patchset is a followup to the commit that adds UDP/GUE tunnel:
"ipvs: allow tunneling with gue encapsulation".

What we do is to put tunnel real servers in hash table (patch 1),
add function to lookup tunnels (patch 2) and use it to strip the
embedded tunnel headers from ICMP errors (patch 3).

2) Extend xt_owner to match for supplementary groups, from
   Lukasz Pawelczyk.

3) Remove unused oif field in flow_offload_tuple object, from
   Taehee Yoo.

4) Release basechain counters from workqueue to skip synchronize_rcu()
   call. From Florian Westphal.

5) Replace skb_make_writable() by skb_ensure_writable(). Patchset
   from Florian Westphal.

6) Checksum support for gue encapsulation in IPVS, from Jacky Hu.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 0462eaac 29930e31

include/linux/netfilter.h

+0 −5
Original line number Diff line number Diff line
@@ -336,11 +336,6 @@ int compat_nf_getsockopt(struct sock *sk, u_int8_t pf, int optval, 
		char __user *opt, int *len);

#endif



/* Call this before modifying an existing packet: ensures it is

   modifiable and linear to the point you care about (writable_len).

   Returns true or false. */

int skb_make_writable(struct sk_buff *skb, unsigned int writable_len);



struct flowi;

struct nf_queue_entry;

include/net/ip_vs.h

+8 −0
Original line number Diff line number Diff line
@@ -603,6 +603,7 @@ struct ip_vs_dest_user_kern { 


	u16			tun_type;	/* tunnel type */

	__be16			tun_port;	/* tunnel port */

	u16			tun_flags;	/* tunnel flags */

};
@@ -665,6 +666,7 @@ struct ip_vs_dest { 
	atomic_t		last_weight;	/* server latest weight */

	__u16			tun_type;	/* tunnel type */

	__be16			tun_port;	/* tunnel port */

	__u16			tun_flags;	/* tunnel flags */



	refcount_t		refcnt;		/* reference counter */

	struct ip_vs_stats      stats;          /* statistics */
@@ -1404,6 +1406,9 @@ bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol, 
struct ip_vs_dest *

ip_vs_find_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol,

			const union nf_inet_addr *daddr, __be16 dport);

struct ip_vs_dest *ip_vs_find_tunnel(struct netns_ipvs *ipvs, int af,

				     const union nf_inet_addr *daddr,

				     __be16 tun_port);



int ip_vs_use_count_inc(void);

void ip_vs_use_count_dec(void);
@@ -1497,6 +1502,9 @@ static inline int ip_vs_todrop(struct netns_ipvs *ipvs) 
static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }

#endif



#define IP_VS_DFWD_METHOD(dest) (atomic_read(&(dest)->conn_flags) & \

				 IP_VS_CONN_F_FWD_MASK)



/* ip_vs_fwd_tag returns the forwarding tag of the connection */

#define IP_VS_FWD_METHOD(cp)  (cp->flags & IP_VS_CONN_F_FWD_MASK)

include/net/netfilter/nf_flow_table.h

+0 −2
Original line number Diff line number Diff line
@@ -53,8 +53,6 @@ struct flow_offload_tuple { 
	u8				l4proto;

	u8				dir;



	int				oifidx;



	u16				mtu;



	struct dst_entry		*dst_cache;

include/uapi/linux/ip_vs.h

+7 −0
Original line number Diff line number Diff line
@@ -131,6 +131,11 @@ enum { 
	IP_VS_CONN_F_TUNNEL_TYPE_MAX,

};



/* Tunnel encapsulation flags */

#define IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM		(0)

#define IP_VS_TUNNEL_ENCAP_FLAG_CSUM		(1 << 0)

#define IP_VS_TUNNEL_ENCAP_FLAG_REMCSUM		(1 << 1)



/*

 *	The struct ip_vs_service_user and struct ip_vs_dest_user are

 *	used to set IPVS rules through setsockopt.
@@ -403,6 +408,8 @@ enum { 


	IPVS_DEST_ATTR_TUN_PORT,	/* tunnel port */



	IPVS_DEST_ATTR_TUN_FLAGS,	/* tunnel flags */



	__IPVS_DEST_ATTR_MAX,

};

include/uapi/linux/netfilter/xt_owner.h

+4 −3
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ enum { 
	XT_OWNER_UID          = 1 << 0,

	XT_OWNER_GID          = 1 << 1,

	XT_OWNER_SOCKET       = 1 << 2,

	XT_OWNER_SUPPL_GROUPS = 1 << 3,

};



struct xt_owner_match_info {