--- zzzz-none-000/linux-5.4.213/net/netfilter/nf_conntrack_core.c 2022-09-15 10:04:56.000000000 +0000 +++ miami-7690-761/linux-5.4.213/net/netfilter/nf_conntrack_core.c 2024-05-29 11:20:02.000000000 +0000 @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -478,7 +479,7 @@ static void clean_from_lists(struct nf_conn *ct) { - pr_debug("clean_from_lists(%p)\n", ct); + pr_debug("clean_from_lists(%pK)\n", ct); hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode); hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_REPLY].hnnode); @@ -592,7 +593,7 @@ { struct nf_conn *ct = (struct nf_conn *)nfct; - pr_debug("destroy_conntrack(%p)\n", ct); + pr_debug("destroy_conntrack(%pK)\n", ct); WARN_ON(atomic_read(&nfct->use) != 0); if (unlikely(nf_ct_is_template(ct))) { @@ -618,7 +619,7 @@ if (ct->master) nf_ct_put(ct->master); - pr_debug("destroy_conntrack: returning ct=%p to slab\n", ct); + pr_debug("destroy_conntrack: returning ct=%pK to slab\n", ct); nf_conntrack_free(ct); } @@ -979,7 +980,7 @@ return NF_DROP; } - pr_debug("Confirming conntrack %p\n", ct); + pr_debug("Confirming conntrack %pK\n", ct); /* We have to check the DYING flag after unlink to prevent * a race against nf_ct_get_next_corpse() possibly called from * user context, else we insert an already 'dead' hash, blocking @@ -1207,18 +1208,6 @@ return false; } -#define DAY (86400 * HZ) - -/* Set an arbitrary timeout large enough not to ever expire, this save - * us a check for the IPS_OFFLOAD_BIT from the packet path via - * nf_ct_is_expired(). - */ -static void nf_ct_offload_timeout(struct nf_conn *ct) -{ - if (nf_ct_expires(ct) < DAY / 2) - ct->timeout = nfct_time_stamp + DAY; -} - static void gc_worker(struct work_struct *work) { unsigned long end_time = jiffies + GC_SCAN_MAX_DURATION; @@ -1250,10 +1239,8 @@ tmp = nf_ct_tuplehash_to_ctrack(h); - if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) { - nf_ct_offload_timeout(tmp); + if (test_bit(IPS_OFFLOAD_BIT, &tmp->status)) continue; - } if (nf_ct_is_expired(tmp)) { nf_ct_gc_expired(tmp); @@ -1446,6 +1433,7 @@ nf_ct_acct_ext_add(ct, GFP_ATOMIC); nf_ct_tstamp_ext_add(ct, GFP_ATOMIC); nf_ct_labels_ext_add(ct); + nf_ct_dscpremark_ext_add(ct, GFP_ATOMIC); ecache = tmpl ? nf_ct_ecache_find(tmpl) : NULL; nf_ct_ecache_ext_add(ct, ecache ? ecache->ctmask : 0, @@ -1457,7 +1445,7 @@ spin_lock(&nf_conntrack_expect_lock); exp = nf_ct_find_expectation(net, zone, tuple); if (exp) { - pr_debug("expectation arrives ct=%p exp=%p\n", + pr_debug("expectation arrives ct=%pK exp=%pK\n", ct, exp); /* Welcome, Mr. Bond. We've been expecting you... */ __set_bit(IPS_EXPECTED_BIT, &ct->status); @@ -1540,13 +1528,13 @@ } else { /* Once we've had two way comms, always ESTABLISHED. */ if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { - pr_debug("normal packet for %p\n", ct); + pr_debug("normal packet for %pK\n", ct); ctinfo = IP_CT_ESTABLISHED; } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) { - pr_debug("related packet for %p\n", ct); + pr_debug("related packet for %pK\n", ct); ctinfo = IP_CT_RELATED; } else { - pr_debug("new packet for %p\n", ct); + pr_debug("new packet for %pK\n", ct); ctinfo = IP_CT_NEW; } } @@ -1742,10 +1730,7 @@ { struct nf_conn_help *help = nfct_help(ct); - /* Should be unconfirmed, so not in hash table yet */ - WARN_ON(nf_ct_is_confirmed(ct)); - - pr_debug("Altering reply tuple of %p to ", ct); + pr_debug("Altering reply tuple of %pK to ", ct); nf_ct_dump_tuple(newreply); ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply; @@ -2233,6 +2218,7 @@ nf_conntrack_proto_fini(); nf_conntrack_seqadj_fini(); nf_conntrack_labels_fini(); + nf_conntrack_dscpremark_ext_fini(); nf_conntrack_helper_fini(); nf_conntrack_timeout_fini(); nf_conntrack_ecache_fini(); @@ -2467,6 +2453,10 @@ if (!nf_conntrack_cachep) goto err_cachep; + ret = nf_conntrack_dscpremark_ext_init(); + if (ret < 0) + goto err_dscpremark_ext; + ret = nf_conntrack_expect_init(); if (ret < 0) goto err_expect; @@ -2525,6 +2515,8 @@ err_acct: nf_conntrack_expect_fini(); err_expect: + nf_conntrack_dscpremark_ext_fini(); +err_dscpremark_ext: kmem_cache_destroy(nf_conntrack_cachep); err_cachep: kvfree(nf_conntrack_hash); @@ -2586,6 +2578,9 @@ nf_conntrack_helper_pernet_init(net); nf_conntrack_proto_pernet_init(net); +#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS + ATOMIC_INIT_NOTIFIER_HEAD(&net->ct.nf_conntrack_chain); +#endif return 0; err_expect: