Netdev Archive on lore.kernel.org
* [PATCH net-next 00/10] Netfilter updates for net-next
@ 2021-08-11  8:48 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2021-08-11  8:48 UTC
  To: netfilter-devel; +Cc: davem, netdev, kuba

Hi,

The following patchset contains Netfilter updates for net-next:

1) Use nfnetlink_unicast() instead of netlink_unicast() in nft_compat.

2) Remove call to nf_ct_l4proto_find() in flowtable offload timeout
   fixup.

3) CLUSTERIP registers ARP hook on demand, from Florian.

4) Use clusterip_net to store pernet warning, also from Florian.

5) Remove struct netns_xt, from Florian Westphal.

6) Enable ebtables hooks in initns on demand, from Florian.

7) Allow to filter conntrack netlink dump per status bits,
   from Florian Westphal.

8) Register x_tables hooks in initns on demand, from Florian.

9) Remove queue_handler from per-netns structure, again from Florian.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit aae950b189413ed3201354600d44223da0bcf63c:

  Merge branch 'clean-devlink-net-namespace-operations' (2021-07-30 13:16:40 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 8702997074363c294a1f83928cd0c33ca57bf813:

  netfilter: nf_queue: move hookfn registration out of struct net (2021-08-10 17:32:00 +0200)

----------------------------------------------------------------
Florian Westphal (8):
      netfilter: ipt_CLUSTERIP: only add arp mangle hook when required
      netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning
      netfilter: remove xt pernet data
      netfilter: ebtables: do not hook tables by default
      netfilter: ctnetlink: add and use a helper for mark parsing
      netfilter: ctnetlink: allow to filter dump by status bits
      netfilter: x_tables: never register tables by default
      netfilter: nf_queue: move hookfn registration out of struct net

Pablo Neira Ayuso (2):
      netfilter: nft_compat: use nfnetlink_unicast()
      netfilter: flowtable: remove nf_ct_l4proto_find() call

 include/linux/netfilter/x_tables.h                 |   6 +-
 include/linux/netfilter_bridge/ebtables.h          |   2 +
 include/net/net_namespace.h                        |   2 -
 include/net/netfilter/nf_queue.h                   |   4 +-
 include/net/netns/netfilter.h                      |   1 -
 include/net/netns/x_tables.h                       |  12 ---
 include/uapi/linux/netfilter/nfnetlink_conntrack.h |   1 +
 net/bridge/netfilter/ebtable_broute.c              |  17 +++-
 net/bridge/netfilter/ebtable_filter.c              |  17 +++-
 net/bridge/netfilter/ebtable_nat.c                 |  17 +++-
 net/bridge/netfilter/ebtables.c                    | 109 ++++++++++++++++++---
 net/ipv4/netfilter/arptable_filter.c               |  23 +++--
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |  56 +++++++----
 net/ipv4/netfilter/iptable_filter.c                |  24 +++--
 net/ipv4/netfilter/iptable_mangle.c                |  17 ++--
 net/ipv4/netfilter/iptable_nat.c                   |  20 ++--
 net/ipv4/netfilter/iptable_raw.c                   |  21 ++--
 net/ipv4/netfilter/iptable_security.c              |  23 +++--
 net/ipv6/netfilter/ip6table_filter.c               |  23 +++--
 net/ipv6/netfilter/ip6table_mangle.c               |  22 ++---
 net/ipv6/netfilter/ip6table_nat.c                  |  16 +--
 net/ipv6/netfilter/ip6table_raw.c                  |  24 +++--
 net/ipv6/netfilter/ip6table_security.c             |  22 ++---
 net/netfilter/nf_conntrack_netlink.c               |  76 +++++++++++---
 net/netfilter/nf_flow_table_core.c                 |  10 --
 net/netfilter/nf_queue.c                           |  19 ++--
 net/netfilter/nfnetlink_queue.c                    |  15 ++-
 net/netfilter/nft_compat.c                         |   8 +-
 net/netfilter/x_tables.c                           |  98 ++++++++++++++----
 net/netfilter/xt_CT.c                              |  11 ---
 30 files changed, 468 insertions(+), 248 deletions(-)
 delete mode 100644 include/net/netns/x_tables.h

* [PATCH net-next 00/10] Netfilter updates for net-next
@ 2021-03-22 23:56 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2021-03-22 23:56 UTC
  To: netfilter-devel; +Cc: davem, netdev, kuba

Hi,

The following batch contains Netfilter updates for net-next:

1) Split flowtable workqueues per events, from Oz Shlomo.

2) fall-through warnings for clang, from Gustavo A. R. Silva

3) Remove unused declaration in conntrack, from YueHaibing.

4) Consolidate skb_try_make_writable() in flowtable datapath,
   simplify some of the existing codebase.

5) Call dst_check() to fall back to static classic forwarding path.

6) Update table flags from commit phase.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks!

----------------------------------------------------------------

The following changes since commit ebfbc46b35cb70b9fbd88f376d7a33b79f60adff:

  openvswitch: Warn over-mtu packets only if iface is UP. (2021-03-16 16:28:30 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 0ce7cf4127f14078ca598ba9700d813178a59409:

  netfilter: nftables: update table flags from the commit phase (2021-03-18 01:35:39 +0100)

----------------------------------------------------------------
Gustavo A. R. Silva (1):
      netfilter: Fix fall-through warnings for Clang

Oz Shlomo (1):
      netfilter: flowtable: separate replace, destroy and stats to different workqueues

Pablo Neira Ayuso (7):
      netfilter: flowtable: consolidate skb_try_make_writable() call
      netfilter: flowtable: move skb_try_make_writable() before NAT in IPv4
      netfilter: flowtable: move FLOW_OFFLOAD_DIR_MAX away from enumeration
      netfilter: flowtable: fast NAT functions never fail
      netfilter: flowtable: call dst_check() to fall back to classic forwarding
      netfilter: flowtable: refresh timeout after dst and writable checks
      netfilter: nftables: update table flags from the commit phase

YueHaibing (1):
      netfilter: conntrack: Remove unused variable declaration

 include/net/netfilter/ipv6/nf_conntrack_ipv6.h |   3 -
 include/net/netfilter/nf_flow_table.h          |  14 +-
 include/net/netfilter/nf_tables.h              |   9 +-
 net/netfilter/nf_conntrack_proto_dccp.c        |   1 +
 net/netfilter/nf_flow_table_core.c             |  57 ++----
 net/netfilter/nf_flow_table_ip.c               | 231 ++++++++++---------------
 net/netfilter/nf_flow_table_offload.c          |  44 ++++-
 net/netfilter/nf_tables_api.c                  |  32 ++--
 net/netfilter/nft_ct.c                         |   1 +
 9 files changed, 174 insertions(+), 218 deletions(-)


Thread overview: 20+ messages
2021-08-11  8:48 [PATCH net-next 00/10] Netfilter updates for net-next Pablo Neira Ayuso
2021-08-11  8:48 ` [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast() Pablo Neira Ayuso
2021-08-11  9:30   ` patchwork-bot+netdevbpf
2021-08-11  8:49 ` [PATCH net-next 02/10] netfilter: flowtable: remove nf_ct_l4proto_find() call Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 03/10] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 04/10] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 05/10] netfilter: remove xt pernet data Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 06/10] netfilter: ebtables: do not hook tables by default Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 07/10] netfilter: ctnetlink: add and use a helper for mark parsing Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 08/10] netfilter: ctnetlink: allow to filter dump by status bits Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 09/10] netfilter: x_tables: never register tables by default Pablo Neira Ayuso
2021-09-15  9:51   ` youling257
2021-09-15  9:56     ` Florian Westphal
2021-09-15 10:12       ` youling 257
2021-09-15 14:34         ` Florian Westphal
2021-09-15 15:53           ` youling 257
2021-09-16 12:24             ` Florian Westphal
2021-09-16 15:59               ` youling 257
2021-08-11  8:49 ` [PATCH net-next 10/10] netfilter: nf_queue: move hookfn registration out of struct net Pablo Neira Ayuso
  -- strict thread matches above, loose matches on Subject: below --
2021-03-22 23:56 [PATCH net-next 00/10] Netfilter updates for net-next Pablo Neira Ayuso
