[PATCH net-next 00/10] Netfilter updates for net-next

Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 00/10] Netfilter updates for net-next
Date: Wed, 11 Aug 2021 10:48:58 +0200	[thread overview]
Message-ID: <20210811084908.14744-1-pablo@netfilter.org> (raw)

Hi,

The following patchset contains Netfilter updates for net-next:

1) Use nfnetlink_unicast() instead of netlink_unicast() in nft_compat.

2) Remove call to nf_ct_l4proto_find() in flowtable offload timeout
   fixup.

3) CLUSTERIP registers ARP hook on demand, from Florian.

4) Use clusterip_net to store pernet warning, also from Florian.

5) Remove struct netns_xt, from Florian Westphal.

6) Enable ebtables hooks in initns on demand, from Florian.

7) Allow to filter conntrack netlink dump per status bits,
   from Florian Westphal.

8) Register x_tables hooks in initns on demand, from Florian.

9) Remove queue_handler from per-netns structure, again from Florian.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit aae950b189413ed3201354600d44223da0bcf63c:

  Merge branch 'clean-devlink-net-namespace-operations' (2021-07-30 13:16:40 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 8702997074363c294a1f83928cd0c33ca57bf813:

  netfilter: nf_queue: move hookfn registration out of struct net (2021-08-10 17:32:00 +0200)

----------------------------------------------------------------
Florian Westphal (8):
      netfilter: ipt_CLUSTERIP: only add arp mangle hook when required
      netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning
      netfilter: remove xt pernet data
      netfilter: ebtables: do not hook tables by default
      netfilter: ctnetlink: add and use a helper for mark parsing
      netfilter: ctnetlink: allow to filter dump by status bits
      netfilter: x_tables: never register tables by default
      netfilter: nf_queue: move hookfn registration out of struct net

Pablo Neira Ayuso (2):
      netfilter: nft_compat: use nfnetlink_unicast()
      netfilter: flowtable: remove nf_ct_l4proto_find() call

 include/linux/netfilter/x_tables.h                 |   6 +-
 include/linux/netfilter_bridge/ebtables.h          |   2 +
 include/net/net_namespace.h                        |   2 -
 include/net/netfilter/nf_queue.h                   |   4 +-
 include/net/netns/netfilter.h                      |   1 -
 include/net/netns/x_tables.h                       |  12 ---
 include/uapi/linux/netfilter/nfnetlink_conntrack.h |   1 +
 net/bridge/netfilter/ebtable_broute.c              |  17 +++-
 net/bridge/netfilter/ebtable_filter.c              |  17 +++-
 net/bridge/netfilter/ebtable_nat.c                 |  17 +++-
 net/bridge/netfilter/ebtables.c                    | 109 ++++++++++++++++++---
 net/ipv4/netfilter/arptable_filter.c               |  23 +++--
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |  56 +++++++----
 net/ipv4/netfilter/iptable_filter.c                |  24 +++--
 net/ipv4/netfilter/iptable_mangle.c                |  17 ++--
 net/ipv4/netfilter/iptable_nat.c                   |  20 ++--
 net/ipv4/netfilter/iptable_raw.c                   |  21 ++--
 net/ipv4/netfilter/iptable_security.c              |  23 +++--
 net/ipv6/netfilter/ip6table_filter.c               |  23 +++--
 net/ipv6/netfilter/ip6table_mangle.c               |  22 ++---
 net/ipv6/netfilter/ip6table_nat.c                  |  16 +--
 net/ipv6/netfilter/ip6table_raw.c                  |  24 +++--
 net/ipv6/netfilter/ip6table_security.c             |  22 ++---
 net/netfilter/nf_conntrack_netlink.c               |  76 +++++++++++---
 net/netfilter/nf_flow_table_core.c                 |  10 --
 net/netfilter/nf_queue.c                           |  19 ++--
 net/netfilter/nfnetlink_queue.c                    |  15 ++-
 net/netfilter/nft_compat.c                         |   8 +-
 net/netfilter/x_tables.c                           |  98 ++++++++++++++----
 net/netfilter/xt_CT.c                              |  11 ---
 30 files changed, 468 insertions(+), 248 deletions(-)
 delete mode 100644 include/net/netns/x_tables.h

next             reply	other threads:[~2021-08-11  8:49 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-11  8:48 Pablo Neira Ayuso [this message]
2021-08-11  8:48 ` [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast() Pablo Neira Ayuso
2021-08-11  9:30   ` patchwork-bot+netdevbpf
2021-08-11  8:49 ` [PATCH net-next 02/10] netfilter: flowtable: remove nf_ct_l4proto_find() call Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 03/10] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 04/10] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 05/10] netfilter: remove xt pernet data Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 06/10] netfilter: ebtables: do not hook tables by default Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 07/10] netfilter: ctnetlink: add and use a helper for mark parsing Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 08/10] netfilter: ctnetlink: allow to filter dump by status bits Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 09/10] netfilter: x_tables: never register tables by default Pablo Neira Ayuso
2021-09-15  9:51   ` youling257
2021-09-15  9:56     ` Florian Westphal
2021-09-15 10:12       ` youling 257
2021-09-15 14:34         ` Florian Westphal
2021-09-15 15:53           ` youling 257
2021-09-16 12:24             ` Florian Westphal
2021-09-16 15:59               ` youling 257
2021-08-11  8:49 ` [PATCH net-next 10/10] netfilter: nf_queue: move hookfn registration out of struct net Pablo Neira Ayuso
  -- strict thread matches above, loose matches on Subject: below --
2021-03-22 23:56 [PATCH net-next 00/10] Netfilter updates for net-next Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210811084908.14744-1-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --subject='Re: [PATCH net-next 00/10] Netfilter updates for net-next' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).