From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 00/38]: Netfilter update
Date: Tue, 15 Jan 2008 07:19:12 +0100 (MET) [thread overview]
Message-ID: <20080115061907.3184.39432.sendpatchset@localhost.localdomain> (raw)
Hi Dave,
following is another netfilter update. The diffstat contains mostly
noise from a MODULE_DESCRIPTION update, the main changes are:
- removal of EXPERIMENTAL dependencies for all but a few selected modules
- Updates from Jan for multiple matches and targets to use fixed types,
scheduling of the old version for removal in 2009
- IPv6 support for a few more matches and targets
- SCTP conntrack cleanup
- REJECT target conversion to construct TCP RSTs from scratch to properly
deal with IP options
- Minor cleanups and optimizations
Please apply, thanks.
Documentation/feature-removal-schedule.txt | 32 ++
include/linux/netfilter.h | 4 +
include/linux/netfilter/Kbuild | 1 +
include/linux/netfilter/nf_conntrack_sctp.h | 1 -
include/linux/netfilter/xt_CONNMARK.h | 5 +
include/linux/netfilter/xt_MARK.h | 4 +
include/linux/netfilter/xt_RATEEST.h | 2 +
include/linux/netfilter/xt_connlimit.h | 2 +-
include/linux/netfilter/xt_connmark.h | 5 +
include/linux/netfilter/xt_conntrack.h | 16 +-
include/linux/netfilter/xt_hashlimit.h | 2 +-
include/linux/netfilter/xt_iprange.h | 17 +
include/linux/netfilter/xt_mark.h | 5 +
include/linux/netfilter/xt_policy.h | 23 ++-
include/linux/netfilter/xt_quota.h | 2 +
include/linux/netfilter/xt_rateest.h | 2 +
include/linux/netfilter/xt_statistic.h | 1 +
include/linux/netfilter/xt_string.h | 2 +
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 1 +
include/linux/netfilter_ipv4/ipt_iprange.h | 6 +-
include/net/netfilter/nf_conntrack.h | 7 -
include/net/netfilter/nf_conntrack_core.h | 12 -
include/net/netfilter/nf_conntrack_helper.h | 4 +
include/net/netfilter/nf_conntrack_l3proto.h | 3 -
net/ipv4/netfilter.c | 10 +
net/ipv4/netfilter/Kconfig | 14 +-
net/ipv4/netfilter/Makefile | 1 -
net/ipv4/netfilter/ip_tables.c | 47 ++--
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/ipv4/netfilter/ipt_ECN.c | 2 +-
net/ipv4/netfilter/ipt_LOG.c | 2 +-
net/ipv4/netfilter/ipt_MASQUERADE.c | 2 +-
net/ipv4/netfilter/ipt_NETMAP.c | 2 +-
net/ipv4/netfilter/ipt_REDIRECT.c | 2 +-
net/ipv4/netfilter/ipt_REJECT.c | 104 +++----
net/ipv4/netfilter/ipt_TOS.c | 82 -----
net/ipv4/netfilter/ipt_TTL.c | 2 +-
net/ipv4/netfilter/ipt_ULOG.c | 2 +-
net/ipv4/netfilter/ipt_addrtype.c | 2 +-
net/ipv4/netfilter/ipt_ah.c | 2 +-
net/ipv4/netfilter/ipt_ecn.c | 2 +-
net/ipv4/netfilter/ipt_iprange.c | 77 -----
net/ipv4/netfilter/ipt_recent.c | 2 +-
net/ipv4/netfilter/ipt_ttl.c | 2 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 7 -
.../netfilter/nf_conntrack_l3proto_ipv4_compat.c | 5 +-
net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 8 -
net/ipv6/netfilter/Kconfig | 12 +-
net/ipv6/netfilter/ip6_tables.c | 42 ++--
net/ipv6/netfilter/ip6t_HL.c | 2 +-
net/ipv6/netfilter/ip6t_LOG.c | 2 +-
net/ipv6/netfilter/ip6t_REJECT.c | 2 +-
net/ipv6/netfilter/ip6t_ah.c | 2 +-
net/ipv6/netfilter/ip6t_eui64.c | 2 +-
net/ipv6/netfilter/ip6t_frag.c | 2 +-
net/ipv6/netfilter/ip6t_hbh.c | 2 +-
net/ipv6/netfilter/ip6t_hl.c | 2 +-
net/ipv6/netfilter/ip6t_ipv6header.c | 2 +-
net/ipv6/netfilter/ip6t_mh.c | 2 +-
net/ipv6/netfilter/ip6t_rt.c | 2 +-
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 7 -
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 8 -
net/netfilter/Kconfig | 37 ++-
net/netfilter/Makefile | 2 +-
net/netfilter/core.c | 9 +
net/netfilter/nf_conntrack_core.c | 5 +-
net/netfilter/nf_conntrack_l3proto_generic.c | 7 -
net/netfilter/nf_conntrack_proto_generic.c | 8 -
net/netfilter/nf_conntrack_proto_sctp.c | 310 ++++++++++----------
net/netfilter/nf_conntrack_proto_tcp.c | 69 ++---
net/netfilter/nf_conntrack_proto_udp.c | 9 -
net/netfilter/nf_conntrack_proto_udplite.c | 9 -
net/netfilter/nf_conntrack_standalone.c | 5 +-
net/netfilter/nf_sysctl.c | 25 --
net/netfilter/xt_CLASSIFY.c | 2 +-
net/netfilter/xt_CONNMARK.c | 119 ++++++--
net/netfilter/xt_CONNSECMARK.c | 2 +-
net/netfilter/xt_DSCP.c | 8 +-
net/netfilter/xt_MARK.c | 76 ++++--
net/netfilter/xt_NFLOG.c | 2 +-
net/netfilter/xt_NFQUEUE.c | 2 +-
net/netfilter/xt_NOTRACK.c | 1 +
net/netfilter/xt_RATEEST.c | 2 +-
net/netfilter/xt_SECMARK.c | 2 +-
net/netfilter/xt_TCPMSS.c | 2 +-
net/netfilter/xt_TCPOPTSTRIP.c | 2 +-
net/netfilter/xt_TRACE.c | 1 +
net/netfilter/xt_comment.c | 2 +-
net/netfilter/xt_connbytes.c | 2 +-
net/netfilter/xt_connlimit.c | 2 +-
net/netfilter/xt_connmark.c | 90 +++++--
net/netfilter/xt_conntrack.c | 209 ++++++++++++--
net/netfilter/xt_dccp.c | 2 +-
net/netfilter/xt_dscp.c | 2 +-
net/netfilter/xt_esp.c | 2 +-
net/netfilter/xt_hashlimit.c | 2 +-
net/netfilter/xt_helper.c | 2 +-
net/netfilter/xt_iprange.c | 180 ++++++++++++
net/netfilter/xt_length.c | 2 +-
net/netfilter/xt_limit.c | 2 +-
net/netfilter/xt_mac.c | 2 +-
net/netfilter/xt_mark.c | 74 ++++--
net/netfilter/xt_multiport.c | 2 +-
net/netfilter/xt_owner.c | 2 +-
net/netfilter/xt_physdev.c | 2 +-
net/netfilter/xt_pkttype.c | 19 +-
net/netfilter/xt_policy.c | 17 +-
net/netfilter/xt_quota.c | 1 +
net/netfilter/xt_realm.c | 2 +-
net/netfilter/xt_sctp.c | 2 +-
net/netfilter/xt_statistic.c | 2 +-
net/netfilter/xt_string.c | 2 +-
net/netfilter/xt_tcpmss.c | 2 +-
net/netfilter/xt_tcpudp.c | 2 +-
net/netfilter/xt_time.c | 2 +-
net/netfilter/xt_u32.c | 2 +-
116 files changed, 1168 insertions(+), 813 deletions(-)
create mode 100644 include/linux/netfilter/xt_iprange.h
delete mode 100644 net/ipv4/netfilter/ipt_TOS.c
delete mode 100644 net/ipv4/netfilter/ipt_iprange.c
delete mode 100644 net/netfilter/nf_sysctl.c
create mode 100644 net/netfilter/xt_iprange.c
Denys Vlasenko (1):
[NETFILTER]: {ip,ip6}_tables: remove some inlines
Jan Engelhardt (17):
[NETFILTER]: remove ipt_TOS.c
[NETFILTER]: xt_TOS: Change semantic of mask value
[NETFILTER]: xt_TOS: Properly set the TOS field
[NETFILTER]: Annotate start of kernel fields in NF headers
[NETFILTER]: xt_CONNMARK target, revision 1
[NETFILTER]: xt_MARK target, revision 2
[NETFILTER]: xt_connmark match, revision 1
[NETFILTER]: Extend nf_inet_addr with in{,6}_addr
[NETFILTER]: xt_conntrack match, revision 1
[NETFILTER]: xt_mark match, revision 1
[NETFILTER]: xt_pkttype: Add explicit check for IPv4
[NETFILTER]: xt_pkttype: IPv6 multicast address recognition
[NETFILTER]: xt_policy: use the new union nf_inet_addr
[NETFILTER]: Update modules' descriptions
[NETFILTER]: Rename ipt_iprange to xt_iprange
[NETFILTER]: xt_iprange match, revision 1
[NETFILTER]: Update feature-removal-schedule.txt
Patrick McHardy (20):
[NETFILTER]: Hide a few more options under NETFILTER_ADVANCED
[NETFILTER]: Remove some EXPERIMENTAL dependencies
[NETFILTER]: ipt_REJECT: properly handle IP options
[NETFILTER]: nf_conntrack_{tcp,sctp}: mark state table const
[NETFILTER]: nf_conntrack_{tcp,sctp}: shrink state table
[NETFILTER]: nf_conntrack_tcp: remove timeout indirection
[NETFILTER]: nf_conntrack_sctp: basic cleanups
[NETFILTER]: nf_conntrack_sctp: use proper types for bitops
[NETFILTER]: nf_conntrack_sctp: reduce line length
[NETFILTER]: nf_conntrack_sctp: reduce line length further
[NETFILTER]: nf_conntrack_sctp: consolidate sctp_packet() error paths
[NETFILTER]: nf_conntrack_sctp: rename "newconntrack" variable
[NETFILTER]: nf_conntrack_sctp: don't take sctp_lock once per chunk
[NETFILTER]: nf_conntrack_sctp: remove unused ttag field from conntrack data
[NETFILTER]: nf_conntrack_sctp: replace magic value by symbolic constant
[NETFILTER]: nf_conntrack_sctp: remove timeout indirection
[NETFILTER]: kill nf_sysctl.c
[NETFILTER]: nf_conntrack: clean up a few header files
[NETFILTER]: nf_conntrack: remove print_conntrack function from l3protos
[NETFILTER]: nf_conntrack: make print_conntrack function optional for l4protos
next reply other threads:[~2008-01-15 6:19 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-15 6:19 Patrick McHardy [this message]
2008-01-15 6:19 ` [NETFILTER 01/38]: Hide a few more options under NETFILTER_ADVANCED Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 02/38]: Remove some EXPERIMENTAL dependencies Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 03/38]: remove ipt_TOS.c Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 04/38]: xt_TOS: Change semantic of mask value Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 05/38]: xt_TOS: Properly set the TOS field Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 06/38]: Annotate start of kernel fields in NF headers Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 07/38]: xt_CONNMARK target, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 08/38]: xt_MARK target, revision 2 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 09/38]: xt_connmark match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 10/38]: Extend nf_inet_addr with in{,6}_addr Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 11/38]: xt_conntrack match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 12/38]: xt_mark " Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 13/38]: xt_pkttype: Add explicit check for IPv4 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 14/38]: xt_pkttype: IPv6 multicast address recognition Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 15/38]: xt_policy: use the new union nf_inet_addr Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 16/38]: Update modules' descriptions Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 17/38]: Rename ipt_iprange to xt_iprange Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 18/38]: xt_iprange match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 19/38]: Update feature-removal-schedule.txt Patrick McHardy
2008-01-15 16:15 ` Jones Desougi
2008-01-15 16:40 ` Patrick McHardy
2008-01-15 16:54 ` Jan Engelhardt
2008-01-15 16:59 ` Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 20/38]: {ip,ip6}_tables: remove some inlines Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 21/38]: ipt_REJECT: properly handle IP options Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 22/38]: nf_conntrack_{tcp,sctp}: mark state table const Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 23/38]: nf_conntrack_{tcp,sctp}: shrink state table Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 24/38]: nf_conntrack_tcp: remove timeout indirection Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 25/38]: nf_conntrack_sctp: basic cleanups Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 26/38]: nf_conntrack_sctp: use proper types for bitops Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 27/38]: nf_conntrack_sctp: reduce line length Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 28/38]: nf_conntrack_sctp: reduce line length further Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 29/38]: nf_conntrack_sctp: consolidate sctp_packet() error paths Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 30/38]: nf_conntrack_sctp: rename "newconntrack" variable Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 31/38]: nf_conntrack_sctp: don't take sctp_lock once per chunk Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 32/38]: nf_conntrack_sctp: remove unused ttag field from conntrack data Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 33/38]: nf_conntrack_sctp: replace magic value by symbolic constant Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 34/38]: nf_conntrack_sctp: remove timeout indirection Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 35/38]: kill nf_sysctl.c Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 36/38]: nf_conntrack: clean up a few header files Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 37/38]: nf_conntrack: remove print_conntrack function from l3protos Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 38/38]: nf_conntrack: make print_conntrack function optional for l4protos Patrick McHardy
2008-01-15 7:50 ` [NETFILTER 00/38]: Netfilter update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080115061907.3184.39432.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.