From: kernel test robot <lkp@intel.com>
To: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>,
pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de,
davem@davemloft.net, kuba@kernel.org, shuah@kernel.org
Cc: llvm@lists.linux.dev, kbuild-all@lists.01.org,
linux-kernel@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, netdev@vger.kernel.org
Subject: Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
Date: Tue, 7 Sep 2021 13:14:06 +0800 [thread overview]
Message-ID: <202109071335.nzVG1KjE-lkp@intel.com> (raw)
In-Reply-To: <20210907021415.962-1-Cole.Dishington@alliedtelesis.co.nz>
[-- Attachment #1: Type: text/plain, Size: 6053 bytes --]
Hi Cole,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net/master]
url: https://github.com/0day-ci/linux/commits/Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git b539c44df067ac116ec1b58b956efda51b6a7fc1
config: arm-randconfig-r003-20210906 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 9c476172b93367d2cb88d7d3f4b1b5b456fa6020)
reproduce (this is a W=1 build):
# Reproduces the W=1 clang cross-build for ARM at the commit under test.
# NOTE(review): make.cross is fetched from the master branch of intel/lkp-tests
# with no pinned revision or checksum and is then made executable; inspect the
# downloaded script (or pin it to a reviewed commit) before running it.
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/0day-ci/linux/commit/3d790f5d7c3d6069948749b4697090adfcc48e51
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823
git checkout 3d790f5d7c3d6069948749b4697090adfcc48e51
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm
If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/netfilter/nf_nat_core.c:373:6: warning: no previous prototype for function 'nf_nat_l4proto_unique_tuple' [-Wmissing-prototypes]
void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
^
net/netfilter/nf_nat_core.c:373:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
^
static
1 warning generated.
vim +/nf_nat_l4proto_unique_tuple +373 net/netfilter/nf_nat_core.c
367
368 /* Alter the per-proto part of the tuple (depending on maniptype), to
369 * give a unique tuple in the given range if possible.
370 *
371 * Per-protocol part of tuple is initialized to the incoming packet.
 *
 * tuple:     its per-protocol key (ICMP id, GRE key or L4 port) is
 *            rewritten in place through keyptr.
 * range:     flags plus the min/max/base per-protocol values that bound
 *            the search.
 * maniptype: picks the source or destination side of the tuple for GRE
 *            and for the port-based protocols.
 * ct:        handed to nf_nat_used_tuple() for the in-use check;
 *            ct->master is read in the GRE case.
 *
 * Nothing is returned. Unhandled protocols, GRE without a master
 * conntrack, and a destination rewrite with no range specified leave the
 * tuple untouched. When the bounded search finds no free value, the tuple
 * keeps the last candidate written and no failure is signalled from here.
 *
 * NOTE(review): the definition has external linkage; -Wmissing-prototypes
 * fires when no prototype precedes it, so it needs either a declaration
 * in a header or 'static'.
372 */
> 373 void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
374 const struct nf_nat_range2 *range,
375 enum nf_nat_manip_type maniptype,
376 const struct nf_conn *ct)
377 {
378 unsigned int range_size, min, max, i, attempts;
379 __be16 *keyptr;
380 u16 off; /* 16 bits wide: a prandom_u32() result is truncated on assignment */
381 static const unsigned int max_attempts = 128; /* cap on probes per search round */
382
383 switch (tuple->dst.protonum) {
384 case IPPROTO_ICMP:
385 case IPPROTO_ICMPV6:
386 /* id is same for either direction... */
387 keyptr = &tuple->src.u.icmp.id;
388 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
389 min = 0;
390 range_size = 65536; /* whole 16-bit id space, 0..65535 */
391 } else {
/* NOTE(review): unlike the port branch (lines 455-456) there is no
 * swap when max < min; a reversed range would presumably make this
 * difference negative before it is converted to unsigned. Confirm
 * that the range is validated before it reaches this function.
 */
392 min = ntohs(range->min_proto.icmp.id);
393 range_size = ntohs(range->max_proto.icmp.id) -
394 ntohs(range->min_proto.icmp.id) + 1;
395 }
396 goto find_free_id;
397 #if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
398 case IPPROTO_GRE:
399 /* If there is no master conntrack we are not PPTP,
400 do not change tuples */
401 if (!ct->master)
402 return;
403
404 if (maniptype == NF_NAT_MANIP_SRC)
405 keyptr = &tuple->src.u.gre.key;
406 else
407 keyptr = &tuple->dst.u.gre.key;
408
409 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
410 min = 1;
411 range_size = 65535; /* keys 1..65535, key 0 is never picked */
412 } else {
/* NOTE(review): same as the ICMP case, no max < min swap here. */
413 min = ntohs(range->min_proto.gre.key);
414 range_size = ntohs(range->max_proto.gre.key) - min + 1;
415 }
416 goto find_free_id;
417 #endif
418 case IPPROTO_UDP:
419 case IPPROTO_UDPLITE:
420 case IPPROTO_TCP:
421 case IPPROTO_SCTP:
422 case IPPROTO_DCCP:
/* Port-based protocols share the generic 16-bit 'all' view of the key. */
423 if (maniptype == NF_NAT_MANIP_SRC)
424 keyptr = &tuple->src.u.all;
425 else
426 keyptr = &tuple->dst.u.all;
427
428 break;
429 default:
430 return;
431 }
432
433 /* If no range specified... */
434 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
435 /* If it's dst rewrite, can't change port */
436 if (maniptype == NF_NAT_MANIP_DST)
437 return;
438
/* Keep the new port in the same class as the original one:
 * below 512 -> 1..511, 512..1023 -> 600..1023, 1024 and up -> 1024..65535.
 */
439 if (ntohs(*keyptr) < 1024) {
440 /* Loose convention: >> 512 is credential passing */
441 if (ntohs(*keyptr) < 512) {
442 min = 1;
443 range_size = 511 - min + 1;
444 } else {
445 min = 600;
446 range_size = 1023 - min + 1;
447 }
448 } else {
449 min = 1024;
450 range_size = 65535 - 1024 + 1;
451 }
452 } else {
453 min = ntohs(range->min_proto.all);
454 max = ntohs(range->max_proto.all);
455 if (unlikely(max < min)) /* tolerate a reversed range */
456 swap(max, min);
457 range_size = max - min + 1;
458 }
459
460 find_free_id:
/* Starting offset: derived from the current key relative to base_proto
 * when NF_NAT_RANGE_PROTO_OFFSET is set, otherwise pseudo-random.
 * NOTE(review): prandom_u32() is not a cryptographic generator; confirm
 * that its predictability is acceptable for choosing NAT ports/ids.
 */
461 if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
462 off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
463 else
464 off = prandom_u32();
465
466 attempts = range_size;
467 if (attempts > max_attempts)
468 attempts = max_attempts;
469
470 /* We are in softirq; doing a search of the entire range risks
471 * soft lockup when all tuples are already used.
472 *
473 * If we can't find any free port from first offset, pick a new
474 * one and try again, with ever smaller search window.
475 */
476 another_round:
477 for (i = 0; i < attempts; i++, off++) {
/* Candidate is min + (off mod range_size), stored in network byte order. */
478 *keyptr = htons(min + off % range_size);
479 if (!nf_nat_used_tuple(tuple, ct))
480 return;
481 }
482
/* Give up once a round has covered the whole range or was shorter than
 * 16 probes; the last candidate stays in the tuple even though it was
 * reported as used.
 */
483 if (attempts >= range_size || attempts < 16)
484 return;
485 attempts /= 2;
486 off = prandom_u32();
487 goto another_round;
488 }
489
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 26493 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH net v2] net: netfilter: Fix port selection of FTP for NF_NAT_RANGE_PROTO_SPECIFIED
Date: Tue, 07 Sep 2021 13:14:06 +0800 [thread overview]
Message-ID: <202109071335.nzVG1KjE-lkp@intel.com> (raw)
In-Reply-To: <20210907021415.962-1-Cole.Dishington@alliedtelesis.co.nz>
[-- Attachment #1: Type: text/plain, Size: 6219 bytes --]
Hi Cole,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net/master]
url: https://github.com/0day-ci/linux/commits/Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git b539c44df067ac116ec1b58b956efda51b6a7fc1
config: arm-randconfig-r003-20210906 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 9c476172b93367d2cb88d7d3f4b1b5b456fa6020)
reproduce (this is a W=1 build):
# Reproduces the W=1 clang cross-build for ARM at the commit under test.
# NOTE(review): make.cross is fetched from the master branch of intel/lkp-tests
# with no pinned revision or checksum and is then made executable; inspect the
# downloaded script (or pin it to a reviewed commit) before running it.
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/0day-ci/linux/commit/3d790f5d7c3d6069948749b4697090adfcc48e51
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Cole-Dishington/net-netfilter-Fix-port-selection-of-FTP-for-NF_NAT_RANGE_PROTO_SPECIFIED/20210907-101823
git checkout 3d790f5d7c3d6069948749b4697090adfcc48e51
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm
If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> net/netfilter/nf_nat_core.c:373:6: warning: no previous prototype for function 'nf_nat_l4proto_unique_tuple' [-Wmissing-prototypes]
void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
^
net/netfilter/nf_nat_core.c:373:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
^
static
1 warning generated.
vim +/nf_nat_l4proto_unique_tuple +373 net/netfilter/nf_nat_core.c
367
368 /* Alter the per-proto part of the tuple (depending on maniptype), to
369 * give a unique tuple in the given range if possible.
370 *
371 * Per-protocol part of tuple is initialized to the incoming packet.
 *
 * tuple:     its per-protocol key (ICMP id, GRE key or L4 port) is
 *            rewritten in place through keyptr.
 * range:     flags plus the min/max/base per-protocol values that bound
 *            the search.
 * maniptype: picks the source or destination side of the tuple for GRE
 *            and for the port-based protocols.
 * ct:        handed to nf_nat_used_tuple() for the in-use check;
 *            ct->master is read in the GRE case.
 *
 * Nothing is returned. Unhandled protocols, GRE without a master
 * conntrack, and a destination rewrite with no range specified leave the
 * tuple untouched. When the bounded search finds no free value, the tuple
 * keeps the last candidate written and no failure is signalled from here.
 *
 * NOTE(review): the definition has external linkage; -Wmissing-prototypes
 * fires when no prototype precedes it, so it needs either a declaration
 * in a header or 'static'.
372 */
> 373 void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
374 const struct nf_nat_range2 *range,
375 enum nf_nat_manip_type maniptype,
376 const struct nf_conn *ct)
377 {
378 unsigned int range_size, min, max, i, attempts;
379 __be16 *keyptr;
380 u16 off; /* 16 bits wide: a prandom_u32() result is truncated on assignment */
381 static const unsigned int max_attempts = 128; /* cap on probes per search round */
382
383 switch (tuple->dst.protonum) {
384 case IPPROTO_ICMP:
385 case IPPROTO_ICMPV6:
386 /* id is same for either direction... */
387 keyptr = &tuple->src.u.icmp.id;
388 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
389 min = 0;
390 range_size = 65536; /* whole 16-bit id space, 0..65535 */
391 } else {
/* NOTE(review): unlike the port branch (lines 455-456) there is no
 * swap when max < min; a reversed range would presumably make this
 * difference negative before it is converted to unsigned. Confirm
 * that the range is validated before it reaches this function.
 */
392 min = ntohs(range->min_proto.icmp.id);
393 range_size = ntohs(range->max_proto.icmp.id) -
394 ntohs(range->min_proto.icmp.id) + 1;
395 }
396 goto find_free_id;
397 #if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
398 case IPPROTO_GRE:
399 /* If there is no master conntrack we are not PPTP,
400 do not change tuples */
401 if (!ct->master)
402 return;
403
404 if (maniptype == NF_NAT_MANIP_SRC)
405 keyptr = &tuple->src.u.gre.key;
406 else
407 keyptr = &tuple->dst.u.gre.key;
408
409 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
410 min = 1;
411 range_size = 65535; /* keys 1..65535, key 0 is never picked */
412 } else {
/* NOTE(review): same as the ICMP case, no max < min swap here. */
413 min = ntohs(range->min_proto.gre.key);
414 range_size = ntohs(range->max_proto.gre.key) - min + 1;
415 }
416 goto find_free_id;
417 #endif
418 case IPPROTO_UDP:
419 case IPPROTO_UDPLITE:
420 case IPPROTO_TCP:
421 case IPPROTO_SCTP:
422 case IPPROTO_DCCP:
/* Port-based protocols share the generic 16-bit 'all' view of the key. */
423 if (maniptype == NF_NAT_MANIP_SRC)
424 keyptr = &tuple->src.u.all;
425 else
426 keyptr = &tuple->dst.u.all;
427
428 break;
429 default:
430 return;
431 }
432
433 /* If no range specified... */
434 if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
435 /* If it's dst rewrite, can't change port */
436 if (maniptype == NF_NAT_MANIP_DST)
437 return;
438
/* Keep the new port in the same class as the original one:
 * below 512 -> 1..511, 512..1023 -> 600..1023, 1024 and up -> 1024..65535.
 */
439 if (ntohs(*keyptr) < 1024) {
440 /* Loose convention: >> 512 is credential passing */
441 if (ntohs(*keyptr) < 512) {
442 min = 1;
443 range_size = 511 - min + 1;
444 } else {
445 min = 600;
446 range_size = 1023 - min + 1;
447 }
448 } else {
449 min = 1024;
450 range_size = 65535 - 1024 + 1;
451 }
452 } else {
453 min = ntohs(range->min_proto.all);
454 max = ntohs(range->max_proto.all);
455 if (unlikely(max < min)) /* tolerate a reversed range */
456 swap(max, min);
457 range_size = max - min + 1;
458 }
459
460 find_free_id:
/* Starting offset: derived from the current key relative to base_proto
 * when NF_NAT_RANGE_PROTO_OFFSET is set, otherwise pseudo-random.
 * NOTE(review): prandom_u32() is not a cryptographic generator; confirm
 * that its predictability is acceptable for choosing NAT ports/ids.
 */
461 if (range->flags & NF_NAT_RANGE_PROTO_OFFSET)
462 off = (ntohs(*keyptr) - ntohs(range->base_proto.all));
463 else
464 off = prandom_u32();
465
466 attempts = range_size;
467 if (attempts > max_attempts)
468 attempts = max_attempts;
469
470 /* We are in softirq; doing a search of the entire range risks
471 * soft lockup when all tuples are already used.
472 *
473 * If we can't find any free port from first offset, pick a new
474 * one and try again, with ever smaller search window.
475 */
476 another_round:
477 for (i = 0; i < attempts; i++, off++) {
/* Candidate is min + (off mod range_size), stored in network byte order. */
478 *keyptr = htons(min + off % range_size);
479 if (!nf_nat_used_tuple(tuple, ct))
480 return;
481 }
482
/* Give up once a round has covered the whole range or was shorter than
 * 16 probes; the last candidate stays in the tuple even though it was
 * reported as used.
 */
483 if (attempts >= range_size || attempts < 16)
484 return;
485 attempts /= 2;
486 off = prandom_u32();
487 goto another_round;
488 }
489
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 26493 bytes --]