Lines Matching +full:state +full:- +full:labels
1 // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
2 /* -
70 int i = flow_action->num_entries++; in tcf_ct_flow_table_flow_action_get_next()
72 return &flow_action->entries[i]; in tcf_ct_flow_table_flow_action_get_next()
84 entry->id = FLOW_ACTION_MANGLE; in tcf_ct_add_mangle_action()
85 entry->mangle.htype = htype; in tcf_ct_add_mangle_action()
86 entry->mangle.mask = ~mask; in tcf_ct_add_mangle_action()
87 entry->mangle.offset = offset; in tcf_ct_add_mangle_action()
88 entry->mangle.val = val; in tcf_ct_add_mangle_action()
92 * (target) is different then the current dir tuple - meaning nat for ports
100 if (memcmp(&target.src.u3, &tuple->src.u3, sizeof(target.src.u3))) in tcf_ct_flow_table_add_action_nat_ipv4()
105 if (memcmp(&target.dst.u3, &tuple->dst.u3, sizeof(target.dst.u3))) in tcf_ct_flow_table_add_action_nat_ipv4()
122 0xFFFFFFFF, be32_to_cpu(addr->ip6[i])); in tcf_ct_add_ipv6_addr_mangle_action()
130 if (memcmp(&target.src.u3, &tuple->src.u3, sizeof(target.src.u3))) in tcf_ct_flow_table_add_action_nat_ipv6()
134 if (memcmp(&target.dst.u3, &tuple->dst.u3, sizeof(target.dst.u3))) in tcf_ct_flow_table_add_action_nat_ipv6()
148 if (target_src != tuple->src.u.tcp.port) in tcf_ct_flow_table_add_action_nat_tcp()
152 if (target_dst != tuple->dst.u.tcp.port) in tcf_ct_flow_table_add_action_nat_tcp()
166 if (target_src != tuple->src.u.udp.port) in tcf_ct_flow_table_add_action_nat_udp()
170 if (target_dst != tuple->dst.u.udp.port) in tcf_ct_flow_table_add_action_nat_udp()
186 entry->id = FLOW_ACTION_CT_METADATA; in tcf_ct_flow_table_add_action_meta()
188 entry->ct_metadata.mark = READ_ONCE(ct->mark); in tcf_ct_flow_table_add_action_meta()
191 entry->ct_metadata.cookie = (unsigned long)ct | ctinfo; in tcf_ct_flow_table_add_action_meta()
192 entry->ct_metadata.orig_dir = dir == IP_CT_DIR_ORIGINAL; in tcf_ct_flow_table_add_action_meta()
194 act_ct_labels = entry->ct_metadata.labels; in tcf_ct_flow_table_add_action_meta()
197 memcpy(act_ct_labels, ct_labels->bits, NF_CT_LABELS_MAX_SIZE); in tcf_ct_flow_table_add_action_meta()
207 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; in tcf_ct_flow_table_add_action_nat()
210 if (!(ct->status & IPS_NAT_MASK)) in tcf_ct_flow_table_add_action_nat()
213 nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple); in tcf_ct_flow_table_add_action_nat()
215 switch (tuple->src.l3num) { in tcf_ct_flow_table_add_action_nat()
225 return -EOPNOTSUPP; in tcf_ct_flow_table_add_action_nat()
236 return -EOPNOTSUPP; in tcf_ct_flow_table_add_action_nat()
247 struct flow_action *action = &flow_rule->rule->action; in tcf_ct_flow_table_fill_actions()
248 int num_entries = action->num_entries; in tcf_ct_flow_table_fill_actions()
249 struct nf_conn *ct = flow->ct; in tcf_ct_flow_table_fill_actions()
257 ctinfo = test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ? in tcf_ct_flow_table_fill_actions()
260 set_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags); in tcf_ct_flow_table_fill_actions()
267 return -EOPNOTSUPP; in tcf_ct_flow_table_fill_actions()
279 for (i = num_entries; i < action->num_entries; i++) in tcf_ct_flow_table_fill_actions()
280 memset(&action->entries[i], 0, sizeof(action->entries[i])); in tcf_ct_flow_table_fill_actions()
281 action->num_entries = num_entries; in tcf_ct_flow_table_fill_actions()
288 return test_bit(IPS_SEEN_REPLY_BIT, &flow->ct->status) && in tcf_ct_flow_is_outdated()
289 test_bit(IPS_HW_OFFLOAD_BIT, &flow->ct->status) && in tcf_ct_flow_is_outdated()
290 !test_bit(NF_FLOW_HW_PENDING, &flow->flags) && in tcf_ct_flow_is_outdated()
291 !test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags); in tcf_ct_flow_is_outdated()
324 struct zones_ht_key key = { .net = net, .zone = params->zone }; in tcf_ct_flow_table_get()
326 int err = -ENOMEM; in tcf_ct_flow_table_get()
330 if (ct_ft && refcount_inc_not_zero(&ct_ft->ref)) in tcf_ct_flow_table_get()
336 refcount_set(&ct_ft->ref, 1); in tcf_ct_flow_table_get()
338 ct_ft->key = key; in tcf_ct_flow_table_get()
339 err = rhashtable_insert_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_get()
343 ct_ft->nf_ft.type = &flowtable_ct; in tcf_ct_flow_table_get()
344 ct_ft->nf_ft.flags |= NF_FLOWTABLE_HW_OFFLOAD | in tcf_ct_flow_table_get()
346 err = nf_flow_table_init(&ct_ft->nf_ft); in tcf_ct_flow_table_get()
349 write_pnet(&ct_ft->nf_ft.net, net); in tcf_ct_flow_table_get()
353 params->ct_ft = ct_ft; in tcf_ct_flow_table_get()
354 params->nf_ft = &ct_ft->nf_ft; in tcf_ct_flow_table_get()
360 rhashtable_remove_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_get()
370 refcount_inc(&ct_ft->ref); in tcf_ct_flow_table_get_ref()
380 nf_flow_table_free(&ct_ft->nf_ft); in tcf_ct_flow_table_cleanup_work()
382 block = &ct_ft->nf_ft.flow_block; in tcf_ct_flow_table_cleanup_work()
383 down_write(&ct_ft->nf_ft.flow_block_lock); in tcf_ct_flow_table_cleanup_work()
384 WARN_ON(!list_empty(&block->cb_list)); in tcf_ct_flow_table_cleanup_work()
385 up_write(&ct_ft->nf_ft.flow_block_lock); in tcf_ct_flow_table_cleanup_work()
393 if (refcount_dec_and_test(&ct_ft->ref)) { in tcf_ct_flow_table_put()
394 rhashtable_remove_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_put()
395 INIT_RCU_WORK(&ct_ft->rwork, tcf_ct_flow_table_cleanup_work); in tcf_ct_flow_table_put()
396 queue_rcu_work(act_ct_wq, &ct_ft->rwork); in tcf_ct_flow_table_put()
403 entry->tuplehash[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_TC; in tcf_ct_flow_tc_ifidx()
404 entry->tuplehash[dir].tuple.tc.iifidx = act_ct_ext->ifindex[dir]; in tcf_ct_flow_tc_ifidx()
411 act_ct_ext = nf_conn_act_ct_ext_find(entry->ct); in tcf_ct_flow_ct_ext_ifidx_update()
426 if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status)) in tcf_ct_flow_table_add()
436 ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; in tcf_ct_flow_table_add()
437 ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; in tcf_ct_flow_table_add()
440 __set_bit(NF_FLOW_HW_BIDIRECTIONAL, &entry->flags); in tcf_ct_flow_table_add()
448 err = flow_offload_add(&ct_ft->nf_ft, entry); in tcf_ct_flow_table_add()
457 clear_bit(IPS_OFFLOAD_BIT, &ct->status); in tcf_ct_flow_table_add()
470 !test_bit(IPS_ASSURED_BIT, &ct->status) || in tcf_ct_flow_table_process_conn()
471 ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) in tcf_ct_flow_table_process_conn()
479 if (!test_bit(IPS_ASSURED_BIT, &ct->status)) in tcf_ct_flow_table_process_conn()
488 !test_bit(IPS_ASSURED_BIT, &ct->status) || in tcf_ct_flow_table_process_conn()
489 ct->status & IPS_NAT_MASK) in tcf_ct_flow_table_process_conn()
492 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; in tcf_ct_flow_table_process_conn()
494 if (tuple->src.u.gre.key || tuple->dst.u.gre.key) in tcf_ct_flow_table_process_conn()
504 ct->status & IPS_SEQ_ADJUST) in tcf_ct_flow_table_process_conn()
525 thoff = iph->ihl * 4; in tcf_ct_flow_table_fill_tuple_ipv4()
531 ipproto = iph->protocol; in tcf_ct_flow_table_fill_tuple_ipv4()
548 if (iph->ttl <= 1) in tcf_ct_flow_table_fill_tuple_ipv4()
560 tuple->src_port = ports->source; in tcf_ct_flow_table_fill_tuple_ipv4()
561 tuple->dst_port = ports->dest; in tcf_ct_flow_table_fill_tuple_ipv4()
567 if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) in tcf_ct_flow_table_fill_tuple_ipv4()
575 tuple->src_v4.s_addr = iph->saddr; in tcf_ct_flow_table_fill_tuple_ipv4()
576 tuple->dst_v4.s_addr = iph->daddr; in tcf_ct_flow_table_fill_tuple_ipv4()
577 tuple->l3proto = AF_INET; in tcf_ct_flow_table_fill_tuple_ipv4()
578 tuple->l4proto = ipproto; in tcf_ct_flow_table_fill_tuple_ipv4()
600 nexthdr = ip6h->nexthdr; in tcf_ct_flow_table_fill_tuple_ipv6()
617 if (ip6h->hop_limit <= 1) in tcf_ct_flow_table_fill_tuple_ipv6()
629 tuple->src_port = ports->source; in tcf_ct_flow_table_fill_tuple_ipv6()
630 tuple->dst_port = ports->dest; in tcf_ct_flow_table_fill_tuple_ipv6()
636 if ((greh->flags & GRE_VERSION) != GRE_VERSION_0) in tcf_ct_flow_table_fill_tuple_ipv6()
644 tuple->src_v6 = ip6h->saddr; in tcf_ct_flow_table_fill_tuple_ipv6()
645 tuple->dst_v6 = ip6h->daddr; in tcf_ct_flow_table_fill_tuple_ipv6()
646 tuple->l3proto = AF_INET6; in tcf_ct_flow_table_fill_tuple_ipv6()
647 tuple->l4proto = nexthdr; in tcf_ct_flow_table_fill_tuple_ipv6()
656 struct nf_flowtable *nf_ft = &p->ct_ft->nf_ft; in tcf_ct_flow_table_lookup()
683 dir = tuplehash->tuple.dir; in tcf_ct_flow_table_lookup()
685 ct = flow->ct; in tcf_ct_flow_table_lookup()
688 !test_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags)) { in tcf_ct_flow_table_lookup()
692 if (test_bit(IPS_ASSURED_BIT, &ct->status)) in tcf_ct_flow_table_lookup()
693 set_bit(NF_FLOW_HW_BIDIRECTIONAL, &flow->flags); in tcf_ct_flow_table_lookup()
694 else if (test_bit(NF_FLOW_HW_ESTABLISHED, &flow->flags)) in tcf_ct_flow_table_lookup()
696 * established state, then don't refresh. in tcf_ct_flow_table_lookup()
702 if (tcph && (unlikely(tcph->fin || tcph->rst))) { in tcf_ct_flow_table_lookup()
708 ctinfo = test_bit(IPS_SEEN_REPLY_BIT, &ct->status) ? in tcf_ct_flow_table_lookup()
716 if (!test_bit(IPS_ASSURED_BIT, &ct->status)) { in tcf_ct_flow_table_lookup()
721 nf_conntrack_get(&ct->ct_general); in tcf_ct_flow_table_lookup()
723 if (nf_ft->flags & NF_FLOWTABLE_COUNTER) in tcf_ct_flow_table_lookup()
724 nf_ct_acct_update(ct, dir, skb->len); in tcf_ct_flow_table_lookup()
745 /* Determine whether skb->_nfct is equal to the result of conntrack lookup. */
755 if (!net_eq(net, read_pnet(&ct->ct_net))) in tcf_ct_skb_nfct_cached()
757 if (nf_ct_zone(ct)->id != p->zone) in tcf_ct_skb_nfct_cached()
759 if (p->helper) { in tcf_ct_skb_nfct_cached()
763 if (help && rcu_access_pointer(help->helper) != p->helper) in tcf_ct_skb_nfct_cached()
768 if ((p->ct_action & TCA_CT_ACT_FORCE) && in tcf_ct_skb_nfct_cached()
808 if (unlikely(skb->len < len)) in tcf_ct_ipv4_is_fragment()
809 return -EINVAL; in tcf_ct_ipv4_is_fragment()
811 return -ENOMEM; in tcf_ct_ipv4_is_fragment()
824 if (unlikely(skb->len < len)) in tcf_ct_ipv6_is_fragment()
825 return -EINVAL; in tcf_ct_ipv6_is_fragment()
827 return -ENOMEM; in tcf_ct_ipv6_is_fragment()
829 nexthdr = ipv6_find_hdr(skb, &payload_ofs, -1, &frag_off, &flags); in tcf_ct_ipv6_is_fragment()
831 return -EPROTO; in tcf_ct_ipv6_is_fragment()
864 tc_skb_cb(skb)->mru = mru; in tcf_ct_handle_fragments()
871 if (params->helper) { in tcf_ct_params_free()
873 if (params->ct_action & TCA_CT_ACT_NAT) in tcf_ct_params_free()
874 nf_nat_helper_put(params->helper); in tcf_ct_params_free()
876 nf_conntrack_helper_put(params->helper); in tcf_ct_params_free()
878 if (params->ct_ft) in tcf_ct_params_free()
879 tcf_ct_flow_table_put(params->ct_ft); in tcf_ct_params_free()
880 if (params->tmpl) { in tcf_ct_params_free()
881 if (params->put_labels) in tcf_ct_params_free()
882 nf_connlabels_put(nf_ct_net(params->tmpl)); in tcf_ct_params_free()
884 nf_ct_put(params->tmpl); in tcf_ct_params_free()
906 new_mark = mark | (READ_ONCE(ct->mark) & ~(mask)); in tcf_ct_act_set_mark()
907 if (READ_ONCE(ct->mark) != new_mark) { in tcf_ct_act_set_mark()
908 WRITE_ONCE(ct->mark, new_mark); in tcf_ct_act_set_mark()
916 u32 *labels, in tcf_ct_act_set_labels() argument
920 size_t labels_sz = sizeof_field(struct tcf_ct_params, labels); in tcf_ct_act_set_labels()
925 nf_connlabels_replace(ct, labels, labels_m, 4); in tcf_ct_act_set_labels()
951 tc_skb_cb(skb)->post_ct_snat = 1; in tcf_ct_act_nat()
953 tc_skb_cb(skb)->post_ct_dnat = 1; in tcf_ct_act_nat()
964 struct net *net = dev_net(skb->dev); in tcf_ct_act()
968 struct nf_hook_state state; in tcf_ct_act() local
978 p = rcu_dereference_bh(c->params); in tcf_ct_act()
980 retval = READ_ONCE(c->tcf_action); in tcf_ct_act()
981 commit = p->ct_action & TCA_CT_ACT_COMMIT; in tcf_ct_act()
982 clear = p->ct_action & TCA_CT_ACT_CLEAR; in tcf_ct_act()
983 tmpl = p->tmpl; in tcf_ct_act()
985 tcf_lastuse_update(&c->tcf_tm); in tcf_ct_act()
986 tcf_action_update_bstats(&c->common, skb); in tcf_ct_act()
989 tc_skb_cb(skb)->post_ct = false; in tcf_ct_act()
1008 err = tcf_ct_handle_fragments(net, skb, family, p->zone, &defrag); in tcf_ct_act()
1031 nf_conntrack_get(&tmpl->ct_general); in tcf_ct_act()
1035 state.hook = NF_INET_PRE_ROUTING; in tcf_ct_act()
1036 state.net = net; in tcf_ct_act()
1037 state.pf = family; in tcf_ct_act()
1038 err = nf_conntrack_in(skb, &state); in tcf_ct_act()
1050 err = tcf_ct_act_nat(skb, ct, ctinfo, p->ct_action, &p->range, commit); in tcf_ct_act()
1054 if (!nf_ct_is_confirmed(ct) && commit && p->helper && !nfct_help(ct)) { in tcf_ct_act()
1055 err = __nf_ct_try_assign_helper(ct, p->tmpl, GFP_ATOMIC); in tcf_ct_act()
1059 if (p->ct_action & TCA_CT_ACT_NAT && !nfct_seqadj(ct)) { in tcf_ct_act()
1072 tcf_ct_act_set_mark(ct, p->mark, p->mark_mask); in tcf_ct_act()
1073 tcf_ct_act_set_labels(ct, p->labels, p->labels_mask); in tcf_ct_act()
1095 tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); in tcf_ct_act()
1100 tc_skb_cb(skb)->post_ct = true; in tcf_ct_act()
1101 tc_skb_cb(skb)->zone = p->zone; in tcf_ct_act()
1104 qdisc_skb_cb(skb)->pkt_len = skb->len; in tcf_ct_act()
1108 if (err != -EINPROGRESS) in tcf_ct_act()
1109 tcf_action_inc_drop_qstats(&c->common); in tcf_ct_act()
1113 tcf_action_inc_drop_qstats(&c->common); in tcf_ct_act()
1124 tcf_action_inc_drop_qstats(&c->common); in tcf_ct_act()
1160 if (!(p->ct_action & TCA_CT_ACT_NAT)) in tcf_ct_fill_params_nat()
1165 return -EOPNOTSUPP; in tcf_ct_fill_params_nat()
1168 if (!(p->ct_action & (TCA_CT_ACT_NAT_SRC | TCA_CT_ACT_NAT_DST))) in tcf_ct_fill_params_nat()
1171 if ((p->ct_action & TCA_CT_ACT_NAT_SRC) && in tcf_ct_fill_params_nat()
1172 (p->ct_action & TCA_CT_ACT_NAT_DST)) { in tcf_ct_fill_params_nat()
1174 return -EOPNOTSUPP; in tcf_ct_fill_params_nat()
1177 range = &p->range; in tcf_ct_fill_params_nat()
1181 p->ipv4_range = true; in tcf_ct_fill_params_nat()
1182 range->flags |= NF_NAT_RANGE_MAP_IPS; in tcf_ct_fill_params_nat()
1183 range->min_addr.ip = in tcf_ct_fill_params_nat()
1186 range->max_addr.ip = max_attr ? in tcf_ct_fill_params_nat()
1188 range->min_addr.ip; in tcf_ct_fill_params_nat()
1192 p->ipv4_range = false; in tcf_ct_fill_params_nat()
1193 range->flags |= NF_NAT_RANGE_MAP_IPS; in tcf_ct_fill_params_nat()
1194 range->min_addr.in6 = in tcf_ct_fill_params_nat()
1197 range->max_addr.in6 = max_attr ? in tcf_ct_fill_params_nat()
1199 range->min_addr.in6; in tcf_ct_fill_params_nat()
1203 range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED; in tcf_ct_fill_params_nat()
1204 range->min_proto.all = nla_get_be16(tb[TCA_CT_NAT_PORT_MIN]); in tcf_ct_fill_params_nat()
1206 range->max_proto.all = tb[TCA_CT_NAT_PORT_MAX] ? in tcf_ct_fill_params_nat()
1208 range->min_proto.all; in tcf_ct_fill_params_nat()
1244 p->zone = NF_CT_DEFAULT_ZONE_ID; in tcf_ct_fill_params()
1247 &p->ct_action, TCA_CT_ACTION, in tcf_ct_fill_params()
1249 sizeof(p->ct_action)); in tcf_ct_fill_params()
1251 if (p->ct_action & TCA_CT_ACT_CLEAR) in tcf_ct_fill_params()
1261 return -EOPNOTSUPP; in tcf_ct_fill_params()
1264 &p->mark, TCA_CT_MARK, in tcf_ct_fill_params()
1265 &p->mark_mask, TCA_CT_MARK_MASK, in tcf_ct_fill_params()
1266 sizeof(p->mark)); in tcf_ct_fill_params()
1270 unsigned int n_bits = sizeof_field(struct tcf_ct_params, labels) * 8; in tcf_ct_fill_params()
1273 NL_SET_ERR_MSG_MOD(extack, "Conntrack labels isn't enabled."); in tcf_ct_fill_params()
1274 return -EOPNOTSUPP; in tcf_ct_fill_params()
1277 if (nf_connlabels_get(net, n_bits - 1)) { in tcf_ct_fill_params()
1279 return -EOPNOTSUPP; in tcf_ct_fill_params()
1285 p->labels, TCA_CT_LABELS, in tcf_ct_fill_params()
1286 p->labels_mask, TCA_CT_LABELS_MASK, in tcf_ct_fill_params()
1287 sizeof(p->labels)); in tcf_ct_fill_params()
1293 return -EOPNOTSUPP; in tcf_ct_fill_params()
1297 &p->zone, TCA_CT_ZONE, in tcf_ct_fill_params()
1299 sizeof(p->zone)); in tcf_ct_fill_params()
1302 nf_ct_zone_init(&zone, p->zone, NF_CT_DEFAULT_ZONE_DIR, 0); in tcf_ct_fill_params()
1306 return -ENOMEM; in tcf_ct_fill_params()
1308 p->tmpl = tmpl; in tcf_ct_fill_params()
1312 if (len > 16 || name[len - 1] != '\0') { in tcf_ct_fill_params()
1314 err = -EINVAL; in tcf_ct_fill_params()
1320 p->ct_action & TCA_CT_ACT_NAT, &p->helper); in tcf_ct_fill_params()
1327 p->put_labels = put_labels; in tcf_ct_fill_params()
1329 if (p->ct_action & TCA_CT_ACT_COMMIT) in tcf_ct_fill_params()
1330 __set_bit(IPS_CONFIRMED_BIT, &tmpl->status); in tcf_ct_fill_params()
1336 nf_ct_put(p->tmpl); in tcf_ct_fill_params()
1337 p->tmpl = NULL; in tcf_ct_fill_params()
1358 return -EINVAL; in tcf_ct_init()
1367 return -EINVAL; in tcf_ct_init()
1370 index = parm->index; in tcf_ct_init()
1389 return -EEXIST; in tcf_ct_init()
1392 err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack); in tcf_ct_init()
1400 err = -ENOMEM; in tcf_ct_init()
1412 spin_lock_bh(&c->tcf_lock); in tcf_ct_init()
1413 goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch); in tcf_ct_init()
1414 params = rcu_replace_pointer(c->params, params, in tcf_ct_init()
1415 lockdep_is_held(&c->tcf_lock)); in tcf_ct_init()
1416 spin_unlock_bh(&c->tcf_lock); in tcf_ct_init()
1421 call_rcu(¶ms->rcu, tcf_ct_params_free_rcu); in tcf_ct_init()
1439 params = rcu_dereference_protected(c->params, 1); in tcf_ct_cleanup()
1441 call_rcu(¶ms->rcu, tcf_ct_params_free_rcu); in tcf_ct_cleanup()
1469 struct nf_nat_range2 *range = &p->range; in tcf_ct_dump_nat()
1471 if (!(p->ct_action & TCA_CT_ACT_NAT)) in tcf_ct_dump_nat()
1474 if (!(p->ct_action & (TCA_CT_ACT_NAT_SRC | TCA_CT_ACT_NAT_DST))) in tcf_ct_dump_nat()
1477 if (range->flags & NF_NAT_RANGE_MAP_IPS) { in tcf_ct_dump_nat()
1478 if (p->ipv4_range) { in tcf_ct_dump_nat()
1480 range->min_addr.ip)) in tcf_ct_dump_nat()
1481 return -1; in tcf_ct_dump_nat()
1483 range->max_addr.ip)) in tcf_ct_dump_nat()
1484 return -1; in tcf_ct_dump_nat()
1487 &range->min_addr.in6)) in tcf_ct_dump_nat()
1488 return -1; in tcf_ct_dump_nat()
1490 &range->max_addr.in6)) in tcf_ct_dump_nat()
1491 return -1; in tcf_ct_dump_nat()
1495 if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { in tcf_ct_dump_nat()
1497 range->min_proto.all)) in tcf_ct_dump_nat()
1498 return -1; in tcf_ct_dump_nat()
1500 range->max_proto.all)) in tcf_ct_dump_nat()
1501 return -1; in tcf_ct_dump_nat()
1512 if (nla_put_string(skb, TCA_CT_HELPER_NAME, helper->name) || in tcf_ct_dump_helper()
1513 nla_put_u8(skb, TCA_CT_HELPER_FAMILY, helper->tuple.src.l3num) || in tcf_ct_dump_helper()
1514 nla_put_u8(skb, TCA_CT_HELPER_PROTO, helper->tuple.dst.protonum)) in tcf_ct_dump_helper()
1515 return -1; in tcf_ct_dump_helper()
1528 .index = c->tcf_index, in tcf_ct_dump()
1529 .refcnt = refcount_read(&c->tcf_refcnt) - ref, in tcf_ct_dump()
1530 .bindcnt = atomic_read(&c->tcf_bindcnt) - bind, in tcf_ct_dump()
1534 spin_lock_bh(&c->tcf_lock); in tcf_ct_dump()
1535 p = rcu_dereference_protected(c->params, in tcf_ct_dump()
1536 lockdep_is_held(&c->tcf_lock)); in tcf_ct_dump()
1537 opt.action = c->tcf_action; in tcf_ct_dump()
1540 &p->ct_action, TCA_CT_ACTION, in tcf_ct_dump()
1542 sizeof(p->ct_action))) in tcf_ct_dump()
1545 if (p->ct_action & TCA_CT_ACT_CLEAR) in tcf_ct_dump()
1550 &p->mark, TCA_CT_MARK, in tcf_ct_dump()
1551 &p->mark_mask, TCA_CT_MARK_MASK, in tcf_ct_dump()
1552 sizeof(p->mark))) in tcf_ct_dump()
1557 p->labels, TCA_CT_LABELS, in tcf_ct_dump()
1558 p->labels_mask, TCA_CT_LABELS_MASK, in tcf_ct_dump()
1559 sizeof(p->labels))) in tcf_ct_dump()
1564 &p->zone, TCA_CT_ZONE, in tcf_ct_dump()
1566 sizeof(p->zone))) in tcf_ct_dump()
1572 if (tcf_ct_dump_helper(skb, p->helper)) in tcf_ct_dump()
1579 tcf_tm_dump(&t, &c->tcf_tm); in tcf_ct_dump()
1582 spin_unlock_bh(&c->tcf_lock); in tcf_ct_dump()
1584 return skb->len; in tcf_ct_dump()
1586 spin_unlock_bh(&c->tcf_lock); in tcf_ct_dump()
1588 return -1; in tcf_ct_dump()
1597 c->tcf_tm.lastuse = max_t(u64, c->tcf_tm.lastuse, lastuse); in tcf_stats_update()
1608 return -EOPNOTSUPP; in tcf_ct_offload_act_setup()
1610 entry->id = FLOW_ACTION_CT; in tcf_ct_offload_act_setup()
1611 entry->ct.action = tcf_ct_action(act); in tcf_ct_offload_act_setup()
1612 entry->ct.zone = tcf_ct_zone(act); in tcf_ct_offload_act_setup()
1613 entry->ct.flow_table = tcf_ct_ft(act); in tcf_ct_offload_act_setup()
1618 fl_action->id = FLOW_ACTION_CT; in tcf_ct_offload_act_setup()
1642 return tc_action_net_init(net, &tn->tn, &act_ct_ops); in ct_init_net()
1663 return -ENOMEM; in ct_init_module()