Lines Matching +full:conntrack +full:- +full:related
1 // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
2 /* -
62 int i = flow_action->num_entries++; in tcf_ct_flow_table_flow_action_get_next()
64 return &flow_action->entries[i]; in tcf_ct_flow_table_flow_action_get_next()
76 entry->id = FLOW_ACTION_MANGLE; in tcf_ct_add_mangle_action()
77 entry->mangle.htype = htype; in tcf_ct_add_mangle_action()
78 entry->mangle.mask = ~mask; in tcf_ct_add_mangle_action()
79 entry->mangle.offset = offset; in tcf_ct_add_mangle_action()
80 entry->mangle.val = val; in tcf_ct_add_mangle_action()
84 * (target) is different then the current dir tuple - meaning nat for ports
92 if (memcmp(&target.src.u3, &tuple->src.u3, sizeof(target.src.u3))) in tcf_ct_flow_table_add_action_nat_ipv4()
97 if (memcmp(&target.dst.u3, &tuple->dst.u3, sizeof(target.dst.u3))) in tcf_ct_flow_table_add_action_nat_ipv4()
114 0xFFFFFFFF, be32_to_cpu(addr->ip6[i])); in tcf_ct_add_ipv6_addr_mangle_action()
122 if (memcmp(&target.src.u3, &tuple->src.u3, sizeof(target.src.u3))) in tcf_ct_flow_table_add_action_nat_ipv6()
126 if (memcmp(&target.dst.u3, &tuple->dst.u3, sizeof(target.dst.u3))) in tcf_ct_flow_table_add_action_nat_ipv6()
140 if (target_src != tuple->src.u.tcp.port) in tcf_ct_flow_table_add_action_nat_tcp()
144 if (target_dst != tuple->dst.u.tcp.port) in tcf_ct_flow_table_add_action_nat_tcp()
158 if (target_src != tuple->src.u.udp.port) in tcf_ct_flow_table_add_action_nat_udp()
162 if (target_dst != tuple->dst.u.udp.port) in tcf_ct_flow_table_add_action_nat_udp()
178 entry->id = FLOW_ACTION_CT_METADATA; in tcf_ct_flow_table_add_action_meta()
180 entry->ct_metadata.mark = READ_ONCE(ct->mark); in tcf_ct_flow_table_add_action_meta()
185 entry->ct_metadata.cookie = (unsigned long)ct | ctinfo; in tcf_ct_flow_table_add_action_meta()
187 act_ct_labels = entry->ct_metadata.labels; in tcf_ct_flow_table_add_action_meta()
190 memcpy(act_ct_labels, ct_labels->bits, NF_CT_LABELS_MAX_SIZE); in tcf_ct_flow_table_add_action_meta()
200 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; in tcf_ct_flow_table_add_action_nat()
203 if (!(ct->status & IPS_NAT_MASK)) in tcf_ct_flow_table_add_action_nat()
206 nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple); in tcf_ct_flow_table_add_action_nat()
208 switch (tuple->src.l3num) { in tcf_ct_flow_table_add_action_nat()
218 return -EOPNOTSUPP; in tcf_ct_flow_table_add_action_nat()
229 return -EOPNOTSUPP; in tcf_ct_flow_table_add_action_nat()
240 struct flow_action *action = &flow_rule->rule->action; in tcf_ct_flow_table_fill_actions()
241 int num_entries = action->num_entries; in tcf_ct_flow_table_fill_actions()
242 struct nf_conn *ct = flow->ct; in tcf_ct_flow_table_fill_actions()
254 return -EOPNOTSUPP; in tcf_ct_flow_table_fill_actions()
266 for (i = num_entries; i < action->num_entries; i++) in tcf_ct_flow_table_fill_actions()
267 memset(&action->entries[i], 0, sizeof(action->entries[i])); in tcf_ct_flow_table_fill_actions()
268 action->num_entries = num_entries; in tcf_ct_flow_table_fill_actions()
281 int err = -ENOMEM; in tcf_ct_flow_table_get()
284 ct_ft = rhashtable_lookup_fast(&zones_ht, ¶ms->zone, zones_params); in tcf_ct_flow_table_get()
285 if (ct_ft && refcount_inc_not_zero(&ct_ft->ref)) in tcf_ct_flow_table_get()
291 refcount_set(&ct_ft->ref, 1); in tcf_ct_flow_table_get()
293 ct_ft->zone = params->zone; in tcf_ct_flow_table_get()
294 err = rhashtable_insert_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_get()
298 ct_ft->nf_ft.type = &flowtable_ct; in tcf_ct_flow_table_get()
299 ct_ft->nf_ft.flags |= NF_FLOWTABLE_HW_OFFLOAD; in tcf_ct_flow_table_get()
300 err = nf_flow_table_init(&ct_ft->nf_ft); in tcf_ct_flow_table_get()
306 params->ct_ft = ct_ft; in tcf_ct_flow_table_get()
307 params->nf_ft = &ct_ft->nf_ft; in tcf_ct_flow_table_get()
313 rhashtable_remove_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_get()
329 nf_flow_table_free(&ct_ft->nf_ft); in tcf_ct_flow_table_cleanup_work()
332 block = &ct_ft->nf_ft.flow_block; in tcf_ct_flow_table_cleanup_work()
333 down_write(&ct_ft->nf_ft.flow_block_lock); in tcf_ct_flow_table_cleanup_work()
334 list_for_each_entry_safe(block_cb, tmp_cb, &block->cb_list, list) { in tcf_ct_flow_table_cleanup_work()
335 list_del(&block_cb->list); in tcf_ct_flow_table_cleanup_work()
338 up_write(&ct_ft->nf_ft.flow_block_lock); in tcf_ct_flow_table_cleanup_work()
346 struct tcf_ct_flow_table *ct_ft = params->ct_ft; in tcf_ct_flow_table_put()
348 if (refcount_dec_and_test(¶ms->ct_ft->ref)) { in tcf_ct_flow_table_put()
349 rhashtable_remove_fast(&zones_ht, &ct_ft->node, zones_params); in tcf_ct_flow_table_put()
350 INIT_RCU_WORK(&ct_ft->rwork, tcf_ct_flow_table_cleanup_work); in tcf_ct_flow_table_put()
351 queue_rcu_work(act_ct_wq, &ct_ft->rwork); in tcf_ct_flow_table_put()
362 if (test_and_set_bit(IPS_OFFLOAD_BIT, &ct->status)) in tcf_ct_flow_table_add()
372 ct->proto.tcp.seen[0].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; in tcf_ct_flow_table_add()
373 ct->proto.tcp.seen[1].flags |= IP_CT_TCP_FLAG_BE_LIBERAL; in tcf_ct_flow_table_add()
376 err = flow_offload_add(&ct_ft->nf_ft, entry); in tcf_ct_flow_table_add()
385 clear_bit(IPS_OFFLOAD_BIT, &ct->status); in tcf_ct_flow_table_add()
400 if (ct->proto.tcp.state != TCP_CONNTRACK_ESTABLISHED) in tcf_ct_flow_table_process_conn()
410 ct->status & IPS_SEQ_ADJUST) in tcf_ct_flow_table_process_conn()
429 thoff = iph->ihl * 4; in tcf_ct_flow_table_fill_tuple_ipv4()
435 if (iph->protocol != IPPROTO_TCP && in tcf_ct_flow_table_fill_tuple_ipv4()
436 iph->protocol != IPPROTO_UDP) in tcf_ct_flow_table_fill_tuple_ipv4()
439 if (iph->ttl <= 1) in tcf_ct_flow_table_fill_tuple_ipv4()
442 if (!pskb_network_may_pull(skb, iph->protocol == IPPROTO_TCP ? in tcf_ct_flow_table_fill_tuple_ipv4()
448 if (iph->protocol == IPPROTO_TCP) in tcf_ct_flow_table_fill_tuple_ipv4()
452 tuple->src_v4.s_addr = iph->saddr; in tcf_ct_flow_table_fill_tuple_ipv4()
453 tuple->dst_v4.s_addr = iph->daddr; in tcf_ct_flow_table_fill_tuple_ipv4()
454 tuple->src_port = ports->source; in tcf_ct_flow_table_fill_tuple_ipv4()
455 tuple->dst_port = ports->dest; in tcf_ct_flow_table_fill_tuple_ipv4()
456 tuple->l3proto = AF_INET; in tcf_ct_flow_table_fill_tuple_ipv4()
457 tuple->l4proto = iph->protocol; in tcf_ct_flow_table_fill_tuple_ipv4()
476 if (ip6h->nexthdr != IPPROTO_TCP && in tcf_ct_flow_table_fill_tuple_ipv6()
477 ip6h->nexthdr != IPPROTO_UDP) in tcf_ct_flow_table_fill_tuple_ipv6()
480 if (ip6h->hop_limit <= 1) in tcf_ct_flow_table_fill_tuple_ipv6()
484 if (!pskb_network_may_pull(skb, ip6h->nexthdr == IPPROTO_TCP ? in tcf_ct_flow_table_fill_tuple_ipv6()
490 if (ip6h->nexthdr == IPPROTO_TCP) in tcf_ct_flow_table_fill_tuple_ipv6()
494 tuple->src_v6 = ip6h->saddr; in tcf_ct_flow_table_fill_tuple_ipv6()
495 tuple->dst_v6 = ip6h->daddr; in tcf_ct_flow_table_fill_tuple_ipv6()
496 tuple->src_port = ports->source; in tcf_ct_flow_table_fill_tuple_ipv6()
497 tuple->dst_port = ports->dest; in tcf_ct_flow_table_fill_tuple_ipv6()
498 tuple->l3proto = AF_INET6; in tcf_ct_flow_table_fill_tuple_ipv6()
499 tuple->l4proto = ip6h->nexthdr; in tcf_ct_flow_table_fill_tuple_ipv6()
508 struct nf_flowtable *nf_ft = &p->ct_ft->nf_ft; in tcf_ct_flow_table_lookup()
534 dir = tuplehash->tuple.dir; in tcf_ct_flow_table_lookup()
536 ct = flow->ct; in tcf_ct_flow_table_lookup()
538 if (tcph && (unlikely(tcph->fin || tcph->rst))) { in tcf_ct_flow_table_lookup()
547 nf_conntrack_get(&ct->ct_general); in tcf_ct_flow_table_lookup()
549 nf_ct_acct_update(ct, dir, skb->len); in tcf_ct_flow_table_lookup()
572 /* Determine whether skb->_nfct is equal to the result of conntrack lookup. */
582 if (!net_eq(net, read_pnet(&ct->ct_net))) in tcf_ct_skb_nfct_cached()
584 if (nf_ct_zone(ct)->id != zone_id) in tcf_ct_skb_nfct_cached()
587 /* Force conntrack entry direction. */ in tcf_ct_skb_nfct_cached()
592 nf_conntrack_put(&ct->ct_general); in tcf_ct_skb_nfct_cached()
602 * removing any trailing lower-layer padding. This prepares the skb
603 * for higher-layer processing that assumes skb->len excludes padding
614 len = ntohs(ip_hdr(skb)->tot_len); in tcf_ct_skb_network_trim()
618 + ntohs(ipv6_hdr(skb)->payload_len); in tcf_ct_skb_network_trim()
621 len = skb->len; in tcf_ct_skb_network_trim()
652 if (unlikely(skb->len < len)) in tcf_ct_ipv4_is_fragment()
653 return -EINVAL; in tcf_ct_ipv4_is_fragment()
655 return -ENOMEM; in tcf_ct_ipv4_is_fragment()
668 if (unlikely(skb->len < len)) in tcf_ct_ipv6_is_fragment()
669 return -EINVAL; in tcf_ct_ipv6_is_fragment()
671 return -ENOMEM; in tcf_ct_ipv6_is_fragment()
673 nexthdr = ipv6_find_hdr(skb, &payload_ofs, -1, &frag_off, &flags); in tcf_ct_ipv6_is_fragment()
675 return -EPROTO; in tcf_ct_ipv6_is_fragment()
712 if (err && err != -EINPROGRESS) in tcf_ct_handle_fragments()
717 cb.mru = IPCB(skb)->frag_max_size; in tcf_ct_handle_fragments()
725 if (err && err != -EINPROGRESS) in tcf_ct_handle_fragments()
730 cb.mru = IP6CB(skb)->frag_max_size; in tcf_ct_handle_fragments()
733 err = -EOPNOTSUPP; in tcf_ct_handle_fragments()
740 skb->ignore_df = 1; in tcf_ct_handle_fragments()
755 if (params->tmpl) in tcf_ct_params_free()
756 nf_conntrack_put(¶ms->tmpl->ct_general); in tcf_ct_params_free()
783 ip_hdr(skb)->protocol == IPPROTO_ICMP) { in ct_nat_execute()
790 u8 nexthdr = ipv6_hdr(skb)->nexthdr; in ct_nat_execute()
804 /* Non-ICMP, fall thru to initialize if needed. */ in ct_nat_execute()
812 err = (range && range->flags & NF_NAT_RANGE_MAP_IPS) in ct_nat_execute()
846 new_mark = mark | (READ_ONCE(ct->mark) & ~(mask)); in tcf_ct_act_set_mark()
847 if (READ_ONCE(ct->mark) != new_mark) { in tcf_ct_act_set_mark()
848 WRITE_ONCE(ct->mark, new_mark); in tcf_ct_act_set_mark()
887 if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) && in tcf_ct_act_nat()
889 /* NAT an established or related connection like before. */ in tcf_ct_act_nat()
895 maniptype = ct->status & IPS_SRC_NAT in tcf_ct_act_nat()
898 maniptype = ct->status & IPS_SRC_NAT in tcf_ct_act_nat()
909 if (err == NF_ACCEPT && ct->status & IPS_DST_NAT) { in tcf_ct_act_nat()
910 if (ct->status & IPS_SRC_NAT) { in tcf_ct_act_nat()
932 struct net *net = dev_net(skb->dev); in tcf_ct_act()
945 p = rcu_dereference_bh(c->params); in tcf_ct_act()
947 retval = READ_ONCE(c->tcf_action); in tcf_ct_act()
948 commit = p->ct_action & TCA_CT_ACT_COMMIT; in tcf_ct_act()
949 clear = p->ct_action & TCA_CT_ACT_CLEAR; in tcf_ct_act()
950 force = p->ct_action & TCA_CT_ACT_FORCE; in tcf_ct_act()
951 tmpl = p->tmpl; in tcf_ct_act()
953 tcf_lastuse_update(&c->tcf_tm); in tcf_ct_act()
958 nf_conntrack_put(&ct->ct_general); in tcf_ct_act()
969 /* The conntrack module expects to be working at L3. in tcf_ct_act()
974 err = tcf_ct_handle_fragments(net, skb, family, p->zone, &defrag); in tcf_ct_act()
975 if (err == -EINPROGRESS) { in tcf_ct_act()
988 * actually run the packet through conntrack twice unless it's for a in tcf_ct_act()
991 cached = tcf_ct_skb_nfct_cached(net, skb, p->zone, force); in tcf_ct_act()
1003 nf_conntrack_get(&tmpl->ct_general); in tcf_ct_act()
1021 err = tcf_ct_act_nat(skb, ct, ctinfo, p->ct_action, &p->range, commit); in tcf_ct_act()
1026 tcf_ct_act_set_mark(ct, p->mark, p->mark_mask); in tcf_ct_act()
1027 tcf_ct_act_set_labels(ct, p->labels, p->labels_mask); in tcf_ct_act()
1037 tcf_ct_flow_table_process_conn(p->ct_ft, ct, ctinfo); in tcf_ct_act()
1043 tcf_action_update_bstats(&c->common, skb); in tcf_ct_act()
1045 qdisc_skb_cb(skb)->pkt_len = skb->len; in tcf_ct_act()
1049 tcf_action_inc_drop_qstats(&c->common); in tcf_ct_act()
1078 if (!(p->ct_action & TCA_CT_ACT_NAT)) in tcf_ct_fill_params_nat()
1083 return -EOPNOTSUPP; in tcf_ct_fill_params_nat()
1086 if (!(p->ct_action & (TCA_CT_ACT_NAT_SRC | TCA_CT_ACT_NAT_DST))) in tcf_ct_fill_params_nat()
1089 if ((p->ct_action & TCA_CT_ACT_NAT_SRC) && in tcf_ct_fill_params_nat()
1090 (p->ct_action & TCA_CT_ACT_NAT_DST)) { in tcf_ct_fill_params_nat()
1092 return -EOPNOTSUPP; in tcf_ct_fill_params_nat()
1095 range = &p->range; in tcf_ct_fill_params_nat()
1099 p->ipv4_range = true; in tcf_ct_fill_params_nat()
1100 range->flags |= NF_NAT_RANGE_MAP_IPS; in tcf_ct_fill_params_nat()
1101 range->min_addr.ip = in tcf_ct_fill_params_nat()
1104 range->max_addr.ip = max_attr ? in tcf_ct_fill_params_nat()
1106 range->min_addr.ip; in tcf_ct_fill_params_nat()
1110 p->ipv4_range = false; in tcf_ct_fill_params_nat()
1111 range->flags |= NF_NAT_RANGE_MAP_IPS; in tcf_ct_fill_params_nat()
1112 range->min_addr.in6 = in tcf_ct_fill_params_nat()
1115 range->max_addr.in6 = max_attr ? in tcf_ct_fill_params_nat()
1117 range->min_addr.in6; in tcf_ct_fill_params_nat()
1121 range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED; in tcf_ct_fill_params_nat()
1122 range->min_proto.all = nla_get_be16(tb[TCA_CT_NAT_PORT_MIN]); in tcf_ct_fill_params_nat()
1124 range->max_proto.all = tb[TCA_CT_NAT_PORT_MAX] ? in tcf_ct_fill_params_nat()
1126 range->min_proto.all; in tcf_ct_fill_params_nat()
1161 p->zone = NF_CT_DEFAULT_ZONE_ID; in tcf_ct_fill_params()
1164 &p->ct_action, TCA_CT_ACTION, in tcf_ct_fill_params()
1166 sizeof(p->ct_action)); in tcf_ct_fill_params()
1168 if (p->ct_action & TCA_CT_ACT_CLEAR) in tcf_ct_fill_params()
1177 NL_SET_ERR_MSG_MOD(extack, "Conntrack mark isn't enabled."); in tcf_ct_fill_params()
1178 return -EOPNOTSUPP; in tcf_ct_fill_params()
1181 &p->mark, TCA_CT_MARK, in tcf_ct_fill_params()
1182 &p->mark_mask, TCA_CT_MARK_MASK, in tcf_ct_fill_params()
1183 sizeof(p->mark)); in tcf_ct_fill_params()
1188 NL_SET_ERR_MSG_MOD(extack, "Conntrack labels isn't enabled."); in tcf_ct_fill_params()
1189 return -EOPNOTSUPP; in tcf_ct_fill_params()
1192 if (!tn->labels) { in tcf_ct_fill_params()
1194 return -EOPNOTSUPP; in tcf_ct_fill_params()
1197 p->labels, TCA_CT_LABELS, in tcf_ct_fill_params()
1198 p->labels_mask, TCA_CT_LABELS_MASK, in tcf_ct_fill_params()
1199 sizeof(p->labels)); in tcf_ct_fill_params()
1204 NL_SET_ERR_MSG_MOD(extack, "Conntrack zones isn't enabled."); in tcf_ct_fill_params()
1205 return -EOPNOTSUPP; in tcf_ct_fill_params()
1209 &p->zone, TCA_CT_ZONE, in tcf_ct_fill_params()
1211 sizeof(p->zone)); in tcf_ct_fill_params()
1214 nf_ct_zone_init(&zone, p->zone, NF_CT_DEFAULT_ZONE_DIR, 0); in tcf_ct_fill_params()
1217 NL_SET_ERR_MSG_MOD(extack, "Failed to allocate conntrack template"); in tcf_ct_fill_params()
1218 return -ENOMEM; in tcf_ct_fill_params()
1220 __set_bit(IPS_CONFIRMED_BIT, &tmpl->status); in tcf_ct_fill_params()
1221 nf_conntrack_get(&tmpl->ct_general); in tcf_ct_fill_params()
1222 p->tmpl = tmpl; in tcf_ct_fill_params()
1244 return -EINVAL; in tcf_ct_init()
1253 return -EINVAL; in tcf_ct_init()
1256 index = parm->index; in tcf_ct_init()
1275 return -EEXIST; in tcf_ct_init()
1278 err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack); in tcf_ct_init()
1286 err = -ENOMEM; in tcf_ct_init()
1298 spin_lock_bh(&c->tcf_lock); in tcf_ct_init()
1299 goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch); in tcf_ct_init()
1300 params = rcu_replace_pointer(c->params, params, in tcf_ct_init()
1301 lockdep_is_held(&c->tcf_lock)); in tcf_ct_init()
1302 spin_unlock_bh(&c->tcf_lock); in tcf_ct_init()
1307 call_rcu(¶ms->rcu, tcf_ct_params_free); in tcf_ct_init()
1312 if (params->tmpl) in tcf_ct_init()
1313 nf_ct_put(params->tmpl); in tcf_ct_init()
1327 params = rcu_dereference_protected(c->params, 1); in tcf_ct_cleanup()
1329 call_rcu(¶ms->rcu, tcf_ct_params_free); in tcf_ct_cleanup()
1357 struct nf_nat_range2 *range = &p->range; in tcf_ct_dump_nat()
1359 if (!(p->ct_action & TCA_CT_ACT_NAT)) in tcf_ct_dump_nat()
1362 if (!(p->ct_action & (TCA_CT_ACT_NAT_SRC | TCA_CT_ACT_NAT_DST))) in tcf_ct_dump_nat()
1365 if (range->flags & NF_NAT_RANGE_MAP_IPS) { in tcf_ct_dump_nat()
1366 if (p->ipv4_range) { in tcf_ct_dump_nat()
1368 range->min_addr.ip)) in tcf_ct_dump_nat()
1369 return -1; in tcf_ct_dump_nat()
1371 range->max_addr.ip)) in tcf_ct_dump_nat()
1372 return -1; in tcf_ct_dump_nat()
1375 &range->min_addr.in6)) in tcf_ct_dump_nat()
1376 return -1; in tcf_ct_dump_nat()
1378 &range->max_addr.in6)) in tcf_ct_dump_nat()
1379 return -1; in tcf_ct_dump_nat()
1383 if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { in tcf_ct_dump_nat()
1385 range->min_proto.all)) in tcf_ct_dump_nat()
1386 return -1; in tcf_ct_dump_nat()
1388 range->max_proto.all)) in tcf_ct_dump_nat()
1389 return -1; in tcf_ct_dump_nat()
1403 .index = c->tcf_index, in tcf_ct_dump()
1404 .refcnt = refcount_read(&c->tcf_refcnt) - ref, in tcf_ct_dump()
1405 .bindcnt = atomic_read(&c->tcf_bindcnt) - bind, in tcf_ct_dump()
1409 spin_lock_bh(&c->tcf_lock); in tcf_ct_dump()
1410 p = rcu_dereference_protected(c->params, in tcf_ct_dump()
1411 lockdep_is_held(&c->tcf_lock)); in tcf_ct_dump()
1412 opt.action = c->tcf_action; in tcf_ct_dump()
1415 &p->ct_action, TCA_CT_ACTION, in tcf_ct_dump()
1417 sizeof(p->ct_action))) in tcf_ct_dump()
1420 if (p->ct_action & TCA_CT_ACT_CLEAR) in tcf_ct_dump()
1425 &p->mark, TCA_CT_MARK, in tcf_ct_dump()
1426 &p->mark_mask, TCA_CT_MARK_MASK, in tcf_ct_dump()
1427 sizeof(p->mark))) in tcf_ct_dump()
1432 p->labels, TCA_CT_LABELS, in tcf_ct_dump()
1433 p->labels_mask, TCA_CT_LABELS_MASK, in tcf_ct_dump()
1434 sizeof(p->labels))) in tcf_ct_dump()
1439 &p->zone, TCA_CT_ZONE, in tcf_ct_dump()
1441 sizeof(p->zone))) in tcf_ct_dump()
1451 tcf_tm_dump(&t, &c->tcf_tm); in tcf_ct_dump()
1454 spin_unlock_bh(&c->tcf_lock); in tcf_ct_dump()
1456 return skb->len; in tcf_ct_dump()
1458 spin_unlock_bh(&c->tcf_lock); in tcf_ct_dump()
1460 return -1; in tcf_ct_dump()
1486 c->tcf_tm.lastuse = max_t(u64, c->tcf_tm.lastuse, lastuse); in tcf_stats_update()
1508 if (nf_connlabels_get(net, n_bits - 1)) { in ct_init_net()
1509 tn->labels = false; in ct_init_net()
1512 tn->labels = true; in ct_init_net()
1515 return tc_action_net_init(net, &tn->tn, &act_ct_ops); in ct_init_net()
1526 if (tn->labels) in ct_exit_net()
1547 return -ENOMEM; in ct_init_module()