review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Lorenzo Bianconi <lorenzo@kernel.org>
	Thu, 21 Jul 2022 13:42:39 +0000 (15:42 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 22 Jul 2022 04:03:16 +0000 (21:03 -0700)
commit	d7e79c97c00ca82dace0e3b645d4b3b02fa273c2
tree	c33f4b595927cda1018fe3dd231f86531457dd9a	tree \| snapshot
parent	aed8ee7feb44b6537af1e0b4f03365d42928be38	commit \| diff

net: netfilter: Add kfuncs to allocate and insert CT

Introduce bpf_xdp_ct_alloc, bpf_skb_ct_alloc and bpf_ct_insert_entry
kfuncs in order to insert a new entry from XDP and TC programs.
Introduce bpf_nf_ct_tuple_parse utility routine to consolidate common
code.

We extract out a helper __nf_ct_set_timeout, used by the ctnetlink and
nf_conntrack_bpf code, extract it out to nf_conntrack_core, so that
nf_conntrack_bpf doesn't need a dependency on CONFIG_NF_CT_NETLINK.
Later this helper will be reused as a helper to set timeout of allocated
but not yet inserted CT entry.

The allocation functions return struct nf_conn___init instead of
nf_conn, to distinguish allocated CT from an already inserted or looked
up CT. This is later used to enforce restrictions on what kfuncs
allocated CT can be used with.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Co-developed-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220721134245.2450-8-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

include/net/netfilter/nf_conntrack_core.h		diff \| blob \| history
net/netfilter/nf_conntrack_bpf.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history