From: kernel test robot <lkp@intel.com>
To: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>,
    pablo@netfilter.org
Cc: kbuild-all@lists.01.org, kadlec@netfilter.org, fw@strlen.de,
    davem@davemloft.net, kuba@kernel.org, shuah@kernel.org,
    linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
    coreteam@netfilter.org, netdev@vger.kernel.org
Subject: Re: [PATCH] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
Date: Wed, 28 Jul 2021 13:23:33 +0800
Message-ID: <202107281353.pGmCqOxp-lkp@intel.com>
In-Reply-To: <20210728032134.21983-1-Cole.Dishington@alliedtelesis.co.nz>
Hi Cole,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on nf/master ipvs/master v5.14-rc3 next-20210727]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210728-112306
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 10.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/2e0f4c593d92890a9a5b0098b3f20a6486b4019d
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210728-112306
        git checkout 2e0f4c593d92890a9a5b0098b3f20a6486b4019d
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross ARCH=xtensa
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/netfilter/nf_nat_core.c:363:6: warning: no previous prototype for 'nf_nat_l4proto_unique_tuple' [-Wmissing-prototypes]
     363 | void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
         |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/nf_nat_l4proto_unique_tuple +363 net/netfilter/nf_nat_core.c
   357
   358	/* Alter the per-proto part of the tuple (depending on maniptype), to
   359	 * give a unique tuple in the given range if possible.
   360	 *
   361	 * Per-protocol part of tuple is initialized to the incoming packet.
   362	 */
 > 363	void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
   364					 const struct nf_nat_range2 *range,
   365					 enum nf_nat_manip_type maniptype,
   366					 const struct nf_conn *ct)
   367	{
   368		unsigned int range_size, min, max, i, attempts;
   369		__be16 *keyptr;
   370		u16 off;
   371		static const unsigned int max_attempts = 128;
   372
   373		switch (tuple->dst.protonum) {
   374		case IPPROTO_ICMP:
   375		case IPPROTO_ICMPV6:
   376			/* id is same for either direction... */
   377			keyptr = &tuple->src.u.icmp.id;
   378			if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
   379				min = 0;
   380				range_size = 65536;
   381			} else {
   382				min = ntohs(range->min_proto.icmp.id);
   383				range_size = ntohs(range->max_proto.icmp.id) -
   384					     ntohs(range->min_proto.icmp.id) + 1;
   385			}
   386			goto find_free_id;
   387	#if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
   388		case IPPROTO_GRE:
   389			/* If there is no master conntrack we are not PPTP,
   390			   do not change tuples */
   391			if (!ct->master)
   392				return;
   393
   394			if (maniptype == NF_NAT_MANIP_SRC)
   395				keyptr = &tuple->src.u.gre.key;
   396			else
   397				keyptr = &tuple->dst.u.gre.key;
   398
   399			if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
   400				min = 1;
   401				range_size = 65535;
   402			} else {
   403				min = ntohs(range->min_proto.gre.key);
   404				range_size = ntohs(range->max_proto.gre.key) - min + 1;
   405			}
   406			goto find_free_id;
   407	#endif
   408		case IPPROTO_UDP:
   409		case IPPROTO_UDPLITE:
   410		case IPPROTO_TCP:
   411		case IPPROTO_SCTP:
   412		case IPPROTO_DCCP:
   413			if (maniptype == NF_NAT_MANIP_SRC)
   414				keyptr = &tuple->src.u.all;
   415			else
   416				keyptr = &tuple->dst.u.all;
   417
   418			break;
   419		default:
   420			return;
   421		}
   422
   423		/* If no range specified... */
   424		if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
   425			/* If it's dst rewrite, can't change port */
   426			if (maniptype == NF_NAT_MANIP_DST)
   427				return;
   428
   429			if (ntohs(*keyptr) < 1024) {
   430				/* Loose convention: >> 512 is credential passing */
   431				if (ntohs(*keyptr) < 512) {
   432					min = 1;
   433					range_size = 511 - min + 1;
   434				} else {
   435					min = 600;
   436					range_size = 1023 - min + 1;
   437				}
   438			} else {
   439				min = 1024;
   440				range_size = 65535 - 1024 + 1;
   441			}
   442		} else {
   443			min = ntohs(range->min_proto.all);
   444			max = ntohs(range->max_proto.all);
   445			if (unlikely(max < min))
   446				swap(max, min);
   447			range_size = max - min + 1;
   448		}
   449
   450	find_free_id:
   451		if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
   452			off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
   453		else
   454			off = prandom_u32();
   455
   456		attempts = range_size;
   457		if (attempts > max_attempts)
   458			attempts = max_attempts;
   459
   460		/* We are in softirq; doing a search of the entire range risks
   461		 * soft lockup when all tuples are already used.
   462		 *
   463		 * If we can't find any free port from first offset, pick a new
   464		 * one and try again, with ever smaller search window.
   465		 */
   466	another_round:
   467		for (i = 0; i < attempts; i++, off++) {
   468			*keyptr = htons(min + off % range_size);
   469			if (!nf_nat_used_tuple(tuple, ct))
   470				return;
   471		}
   472
   473		if (attempts >= range_size || attempts < 16)
   474			return;
   475		attempts /= 2;
   476		off = prandom_u32();
   477		goto another_round;
   478	}
   479
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org