Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

1) Fix NAT IPv6 flowtable hardware offload, from Qingfang DENG.

2) Add a safety check to the IPVS socket option interface: report a
   warning if an unsupported command is seen. From Li Qiong.

3) Document SCTP conntrack timeouts, from Sriram Yagnaraman.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: conntrack: document sctp timeouts
  ipvs: add a 'default' case in do_ip_vs_set_ctl()
  netfilter: flowtable: really fix NAT IPv6 offload
====================

Link: https://lore.kernel.org/r/20221213140923.154594-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
kuba-moo committed Dec 14, 2022
2 parents 2d4ee16 + f9645ab commit 7ae9888
Showing 3 changed files with 41 additions and 3 deletions.
33 changes: 33 additions & 0 deletions Documentation/networking/nf_conntrack-sysctl.rst
Expand Up @@ -163,6 +163,39 @@ nf_conntrack_timestamp - BOOLEAN

Enable connection tracking flow timestamping.

nf_conntrack_sctp_timeout_closed - INTEGER (seconds)
default 10

nf_conntrack_sctp_timeout_cookie_wait - INTEGER (seconds)
default 3

nf_conntrack_sctp_timeout_cookie_echoed - INTEGER (seconds)
default 3

nf_conntrack_sctp_timeout_established - INTEGER (seconds)
default 432000 (5 days)

nf_conntrack_sctp_timeout_shutdown_sent - INTEGER (seconds)
default 0.3

nf_conntrack_sctp_timeout_shutdown_recd - INTEGER (seconds)
default 0.3

nf_conntrack_sctp_timeout_shutdown_ack_sent - INTEGER (seconds)
default 3

nf_conntrack_sctp_timeout_heartbeat_sent - INTEGER (seconds)
default 30

This timeout is used to setup conntrack entry on secondary paths.
Default is set to hb_interval.

nf_conntrack_sctp_timeout_heartbeat_acked - INTEGER (seconds)
default 210

This timeout is used to setup conntrack entry on secondary paths.
Default is set to (hb_interval * path_max_retrans + rto_max)

nf_conntrack_udp_timeout - INTEGER (seconds)
default 30
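
Review bot: nf_conntrack_sctp_timeout_shutdown_sent and nf_conntrack_sctp_timeout_shutdown_recd are typed "INTEGER (seconds)" but list a default of 0.3, which an integer number of seconds cannot express. State the unit these two entries are actually read and written in, or adjust the type line, so an operator tuning them knows what value to write. The heartbeat_sent and heartbeat_acked entries also carry the same description sentence ("This timeout is used to setup conntrack entry on secondary paths."); say how the two differ, and "setup" used as a verb should be "set up".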

5 changes: 5 additions & 0 deletions net/netfilter/ipvs/ip_vs_ctl.c
Expand Up @@ -2841,6 +2841,11 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, sockptr_t ptr, unsigned int len)
break;
case IP_VS_SO_SET_DELDEST:
ret = ip_vs_del_dest(svc, &udest);
break;
default:
WARN_ON_ONCE(1);
ret = -EINVAL;
break;
}

out_unlock:
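
Review bot: the new default: branch calls WARN_ON_ONCE(1) on a cmd value that arrives through the socket option interface, and nothing in the hunk says why a caller-supplied value cannot reach it. If cmd is already range-checked earlier in do_ip_vs_set_ctl(), add a one-line comment stating that the branch is unreachable and exists only as a safety net. If it is not, drop the WARN and keep ret = -EINVAL alone, since a warning that can be raised from setsockopt is a problem on systems running with panic_on_warn.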
6 changes: 3 additions & 3 deletions net/netfilter/nf_flow_table_offload.c
Expand Up @@ -383,12 +383,12 @@ static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule,
const __be32 *addr, const __be32 *mask)
{
struct flow_action_entry *entry;
int i, j;
int i;

for (i = 0, j = 0; i < sizeof(struct in6_addr) / sizeof(u32); i += sizeof(u32), j++) {
for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i++) {
entry = flow_action_entry_next(flow_rule);
flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6,
offset + i, &addr[j], mask);
offset + i * sizeof(u32), &addr[i], mask);
}
}
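
Review bot: in the corrected loop addr is indexed per word (&addr[i]) but mask is still passed unchanged on every iteration, although both parameters are declared const __be32 *. If mask points at a single 32-bit mask that applies to each word, say so in a comment or in the parameter name; if it is meant to be a per-word array it needs the same [i] indexing. Separately, i is an int compared against a sizeof-derived unsigned expression; an unsigned counter would avoid the signed/unsigned comparison.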
