lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20180718115037.256e2663@canb.auug.org.au>
Date:   Wed, 18 Jul 2018 11:50:37 +1000
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Pablo Neira Ayuso <pablo@...filter.org>,
        NetFilter <netfilter-devel@...r.kernel.org>,
        David Miller <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>
Cc:     Linux-Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Máté Eckl <ecklm94@...il.com>
Subject: linux-next: build failure after merge of the netfilter-next tree

Hi all,

After merging the netfilter-next tree, today's linux-next build (x86_64
allmodconfig) failed like this:

net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v4':
net/netfilter/nft_tproxy.c:48:48: warning: passing argument 3 of 'nf_tproxy_get_sock_v4' makes integer from pointer without a cast [-Wint-conversion]
  sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
                                                ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'u8 {aka const unsigned char}' but argument is of type 'struct udphdr *'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:50:20: warning: passing argument 8 of 'nf_tproxy_get_sock_v4' makes pointer from integer without a cast [-Wint-conversion]
        hp->source, hp->dest,
                    ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'const struct net_device *' but argument is of type '__be16 {aka short unsigned int}'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:51:8: error: incompatible type for argument 9 of 'nf_tproxy_get_sock_v4'
        skb->dev, NF_TPROXY_LOOKUP_ESTABLISHED);
        ^~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'const enum nf_tproxy_lookup_t' but argument is of type 'struct net_device *'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:48:7: error: too many arguments to function 'nf_tproxy_get_sock_v4'
  sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
       ^~~~~~~~~~~~~~~~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: declared here
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:69:49: warning: passing argument 3 of 'nf_tproxy_get_sock_v4' makes integer from pointer without a cast [-Wint-conversion]
   sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
                                                 ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'u8 {aka const unsigned char}' but argument is of type 'struct udphdr *'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:71:21: warning: passing argument 8 of 'nf_tproxy_get_sock_v4' makes pointer from integer without a cast [-Wint-conversion]
         hp->source, tport,
                     ^~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'const struct net_device *' but argument is of type '__be16 {aka short unsigned int}'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:72:9: error: incompatible type for argument 9 of 'nf_tproxy_get_sock_v4'
         skb->dev, NF_TPROXY_LOOKUP_LISTENER);
         ^~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: expected 'const enum nf_tproxy_lookup_t' but argument is of type 'struct net_device *'
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:69:8: error: too many arguments to function 'nf_tproxy_get_sock_v4'
   sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
        ^~~~~~~~~~~~~~~~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:75:1: note: declared here
 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c: In function 'nft_tproxy_eval_v6':
net/netfilter/nft_tproxy.c:111:55: warning: passing argument 4 of 'nf_tproxy_get_sock_v6' makes integer from pointer without a cast [-Wint-conversion]
  sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp, l4proto,
                                                       ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'u8 {aka const unsigned char}' but argument is of type 'struct udphdr *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:111:59: warning: passing argument 5 of 'nf_tproxy_get_sock_v6' makes pointer from integer without a cast [-Wint-conversion]
  sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp, l4proto,
                                                           ^~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const struct in6_addr *' but argument is of type 'int'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:112:21: warning: passing argument 7 of 'nf_tproxy_get_sock_v6' makes integer from pointer without a cast [-Wint-conversion]
        &iph->saddr, &iph->daddr,
                     ^
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected '__be16 {aka const short unsigned int}' but argument is of type 'const struct in6_addr *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:113:20: warning: passing argument 9 of 'nf_tproxy_get_sock_v6' makes pointer from integer without a cast [-Wint-conversion]
        hp->source, hp->dest,
                    ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const struct net_device *' but argument is of type '__be16 {aka short unsigned int}'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:114:8: error: incompatible type for argument 10 of 'nf_tproxy_get_sock_v6'
        nft_in(pkt), NF_TPROXY_LOOKUP_ESTABLISHED);
        ^~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const enum nf_tproxy_lookup_t' but argument is of type 'const struct net_device *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:111:7: error: too many arguments to function 'nf_tproxy_get_sock_v6'
  sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp, l4proto,
       ^~~~~~~~~~~~~~~~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: declared here
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:137:56: warning: passing argument 4 of 'nf_tproxy_get_sock_v6' makes integer from pointer without a cast [-Wint-conversion]
   sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp,
                                                        ^~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'u8 {aka const unsigned char}' but argument is of type 'struct udphdr *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:138:9: warning: passing argument 5 of 'nf_tproxy_get_sock_v6' makes pointer from integer without a cast [-Wint-conversion]
         l4proto, &iph->saddr, &taddr,
         ^~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const struct in6_addr *' but argument is of type 'int'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:138:31: warning: passing argument 7 of 'nf_tproxy_get_sock_v6' makes integer from pointer without a cast [-Wint-conversion]
         l4proto, &iph->saddr, &taddr,
                               ^
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected '__be16 {aka const short unsigned int}' but argument is of type 'struct in6_addr *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:139:21: warning: passing argument 9 of 'nf_tproxy_get_sock_v6' makes pointer from integer without a cast [-Wint-conversion]
         hp->source, tport,
                     ^~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const struct net_device *' but argument is of type '__be16 {aka short unsigned int}'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:140:9: error: incompatible type for argument 10 of 'nf_tproxy_get_sock_v6'
         nft_in(pkt), NF_TPROXY_LOOKUP_LISTENER);
         ^~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: expected 'const enum nf_tproxy_lookup_t' but argument is of type 'const struct net_device *'
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nft_tproxy.c:137:8: error: too many arguments to function 'nf_tproxy_get_sock_v6'
   sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp,
        ^~~~~~~~~~~~~~~~~~~~~
In file included from net/netfilter/nft_tproxy.c:6:0:
include/net/netfilter/nf_tproxy.h:114:1: note: declared here
 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff,
 ^~~~~~~~~~~~~~~~~~~~~

Caused by commit

  08668354bdbf ("netfilter: Add native tproxy support for nf_tables")

interacting with commit

  5711b4e89319 ("netfilter: nf_tproxy: fix possible non-linear access to transport header")

from the net tree.

I have applied the following merge fix up patch:

From: Stephen Rothwell <sfr@...b.auug.org.au>
Date: Wed, 18 Jul 2018 11:41:50 +1000
Subject: [PATCH] netfilter: nf_tproxy: merge fix ups for API changes

Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
---
 net/netfilter/nft_tproxy.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nft_tproxy.c b/net/netfilter/nft_tproxy.c
index 5ca797ea335c..23ea9396a693 100644
--- a/net/netfilter/nft_tproxy.c
+++ b/net/netfilter/nft_tproxy.c
@@ -45,7 +45,7 @@ static void nft_tproxy_eval_v4(const struct nft_expr *expr,
 	 * happens if the redirect already happened and the current packet
 	 * belongs to an already established connection
 	 */
-	sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
+	sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, iph->protocol,
 				   iph->saddr, iph->daddr,
 				   hp->source, hp->dest,
 				   skb->dev, NF_TPROXY_LOOKUP_ESTABLISHED);
@@ -66,7 +66,7 @@ static void nft_tproxy_eval_v4(const struct nft_expr *expr,
 	else if (!sk)
 		/* no, there's no established connection, check if
 		 * there's a listener on the redirected addr/port */
-		sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, hp, iph->protocol,
+		sk = nf_tproxy_get_sock_v4(nft_net(pkt), skb, iph->protocol,
 					   iph->saddr, taddr,
 					   hp->source, tport,
 					   skb->dev, NF_TPROXY_LOOKUP_LISTENER);
@@ -108,7 +108,7 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
 	 * happens if the redirect already happened and the current packet
 	 * belongs to an already established connection.
 	 */
-	sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp, l4proto,
+	sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, l4proto,
 				   &iph->saddr, &iph->daddr,
 				   hp->source, hp->dest,
 				   nft_in(pkt), NF_TPROXY_LOOKUP_ESTABLISHED);
@@ -134,7 +134,7 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
 	else if (!sk)
 		/* no there's no established connection, check if
 		 * there's a listener on the redirected addr/port */
-		sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff, hp,
+		sk = nf_tproxy_get_sock_v6(nft_net(pkt), skb, thoff,
 					   l4proto, &iph->saddr, &taddr,
 					   hp->source, tport,
 					   nft_in(pkt), NF_TPROXY_LOOKUP_LISTENER);
-- 
2.18.0

-- 
Cheers,
Stephen Rothwell

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ