From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 00/31: netfilter 2.6.32 update
Date: Thu, 10 Sep 2009 18:11:46 +0200 (MEST) [thread overview]
Message-ID: <20090910161142.31179.5256.sendpatchset@x2.localnet> (raw)
Hi Dave,
following is my netfilter update for 2.6.32, containing:
- the scheduled removal of old x_tables match and target revisions from Jan
- the scheduled removal of old redirecting ip_tables header files from Jan
- x_tables cleanups and smaller improvements from Jan
- SCTP support for SO_ORIGINAL_DST from Rafael Laufer
- handling of ICMPv6 messages in IPVS from Julius Volz
- a patch to log packets dropped by conntrack helpers from myself
- patches to constify netlink message attributes in netfilter from myself
- a fix for bridge netfilter in_device refcount leaks from Eric
- a fix for conntrack cleanup in non-init namespaces from Alexey
- a fix for an ebt_ulog inverted return value from myself
- a fix for atomic operations in IPVS from Simon
- a fix for a read outside array bounds in ip6t_eui from myself
- a fix for inverted logic for persistent NAT mappings from Maximilian Engelhardt
Most of the fixes are for regressions, I'll pass all those on to -stable
once the patches hit mainline.
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git master
Thanks!
Documentation/feature-removal-schedule.txt | 25 ----
include/linux/netfilter/nfnetlink.h | 3 +-
include/linux/netfilter/x_tables.h | 4 +-
include/linux/netfilter/xt_CONNMARK.h | 6 -
include/linux/netfilter/xt_MARK.h | 17 ---
include/linux/netfilter/xt_connmark.h | 5 -
include/linux/netfilter/xt_conntrack.h | 36 -----
include/linux/netfilter/xt_mark.h | 5 -
include/linux/netfilter_arp/arp_tables.h | 2 +-
include/linux/netfilter_bridge/ebtables.h | 2 +-
include/linux/netfilter_ipv4/Kbuild | 32 -----
include/linux/netfilter_ipv4/ip_tables.h | 2 +-
include/linux/netfilter_ipv4/ipt_CLASSIFY.h | 7 -
include/linux/netfilter_ipv4/ipt_CONNMARK.h | 19 ---
include/linux/netfilter_ipv4/ipt_DSCP.h | 18 ---
include/linux/netfilter_ipv4/ipt_ECN.h | 4 +-
include/linux/netfilter_ipv4/ipt_MARK.h | 18 ---
include/linux/netfilter_ipv4/ipt_NFQUEUE.h | 16 ---
include/linux/netfilter_ipv4/ipt_TCPMSS.h | 9 --
include/linux/netfilter_ipv4/ipt_TOS.h | 12 --
include/linux/netfilter_ipv4/ipt_comment.h | 10 --
include/linux/netfilter_ipv4/ipt_connbytes.h | 18 ---
include/linux/netfilter_ipv4/ipt_connmark.h | 7 -
include/linux/netfilter_ipv4/ipt_conntrack.h | 28 ----
include/linux/netfilter_ipv4/ipt_dccp.h | 15 --
include/linux/netfilter_ipv4/ipt_dscp.h | 21 ---
include/linux/netfilter_ipv4/ipt_ecn.h | 4 +-
include/linux/netfilter_ipv4/ipt_esp.h | 10 --
include/linux/netfilter_ipv4/ipt_hashlimit.h | 14 --
include/linux/netfilter_ipv4/ipt_helper.h | 7 -
include/linux/netfilter_ipv4/ipt_iprange.h | 21 ---
include/linux/netfilter_ipv4/ipt_length.h | 7 -
include/linux/netfilter_ipv4/ipt_limit.h | 8 -
include/linux/netfilter_ipv4/ipt_mac.h | 7 -
include/linux/netfilter_ipv4/ipt_mark.h | 9 --
include/linux/netfilter_ipv4/ipt_multiport.h | 15 --
include/linux/netfilter_ipv4/ipt_owner.h | 20 ---
include/linux/netfilter_ipv4/ipt_physdev.h | 17 ---
include/linux/netfilter_ipv4/ipt_pkttype.h | 7 -
include/linux/netfilter_ipv4/ipt_policy.h | 23 ----
include/linux/netfilter_ipv4/ipt_recent.h | 21 ---
include/linux/netfilter_ipv4/ipt_sctp.h | 105 ---------------
include/linux/netfilter_ipv4/ipt_state.h | 15 --
include/linux/netfilter_ipv4/ipt_string.h | 10 --
include/linux/netfilter_ipv4/ipt_tcpmss.h | 7 -
include/linux/netfilter_ipv4/ipt_tos.h | 13 --
include/linux/netfilter_ipv6/Kbuild | 12 +--
include/linux/netfilter_ipv6/ip6_tables.h | 2 +-
include/linux/netfilter_ipv6/ip6t_MARK.h | 9 --
include/linux/netfilter_ipv6/ip6t_esp.h | 10 --
include/linux/netfilter_ipv6/ip6t_length.h | 8 -
include/linux/netfilter_ipv6/ip6t_limit.h | 8 -
include/linux/netfilter_ipv6/ip6t_mac.h | 7 -
include/linux/netfilter_ipv6/ip6t_mark.h | 9 --
include/linux/netfilter_ipv6/ip6t_multiport.h | 14 --
include/linux/netfilter_ipv6/ip6t_owner.h | 18 ---
include/linux/netfilter_ipv6/ip6t_physdev.h | 17 ---
include/linux/netfilter_ipv6/ip6t_policy.h | 23 ----
include/linux/netlink.h | 15 +-
include/net/netfilter/nf_nat_core.h | 2 +-
include/net/netlink.h | 4 +-
include/net/rtnetlink.h | 2 +-
net/bridge/br_netfilter.c | 2 +-
net/bridge/netfilter/ebt_log.c | 29 +---
net/bridge/netfilter/ebt_ulog.c | 2 +-
net/bridge/netfilter/ebtable_broute.c | 2 +-
net/bridge/netfilter/ebtable_filter.c | 8 +-
net/bridge/netfilter/ebtable_nat.c | 6 +-
net/bridge/netfilter/ebtables.c | 13 +-
net/ipv4/netfilter/arp_tables.c | 47 +++++--
net/ipv4/netfilter/arptable_filter.c | 4 +-
net/ipv4/netfilter/ip_tables.c | 51 +++++---
net/ipv4/netfilter/iptable_filter.c | 10 +-
net/ipv4/netfilter/iptable_mangle.c | 16 +-
net/ipv4/netfilter/iptable_raw.c | 10 +-
net/ipv4/netfilter/iptable_security.c | 12 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 22 ++--
net/ipv4/netfilter/nf_nat_core.c | 8 +-
net/ipv4/netfilter/nf_nat_rule.c | 6 +-
net/ipv4/netfilter/nf_nat_standalone.c | 8 +-
net/ipv6/netfilter/ip6_tables.c | 48 +++++--
net/ipv6/netfilter/ip6t_eui64.c | 9 +-
net/ipv6/netfilter/ip6table_filter.c | 10 +-
net/ipv6/netfilter/ip6table_mangle.c | 16 +-
net/ipv6/netfilter/ip6table_raw.c | 10 +-
net/ipv6/netfilter/ip6table_security.c | 12 +-
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 18 ++-
net/netfilter/ipvs/ip_vs_core.c | 29 +++--
net/netfilter/ipvs/ip_vs_wrr.c | 7 +-
net/netfilter/nf_conntrack_core.c | 8 +-
net/netfilter/nf_conntrack_netlink.c | 54 +++++---
net/netfilter/nfnetlink.c | 2 +-
net/netfilter/nfnetlink_log.c | 6 +-
net/netfilter/nfnetlink_queue.c | 9 +-
net/netfilter/x_tables.c | 7 +-
net/netfilter/xt_CONNMARK.c | 134 ++------------------
net/netfilter/xt_DSCP.c | 46 -------
net/netfilter/xt_MARK.c | 163 ++----------------------
net/netfilter/xt_connmark.c | 101 ++-------------
net/netfilter/xt_conntrack.c | 155 +----------------------
net/netfilter/xt_dscp.c | 17 ---
net/netfilter/xt_iprange.c | 45 +------
net/netfilter/xt_mark.c | 86 ++-----------
net/netfilter/xt_osf.c | 6 +-
net/netfilter/xt_owner.c | 130 ++-----------------
net/netlink/af_netlink.c | 2 +-
net/sched/act_api.c | 2 +-
107 files changed, 373 insertions(+), 1856 deletions(-)
delete mode 100644 include/linux/netfilter_ipv4/ipt_CLASSIFY.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_CONNMARK.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_DSCP.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_MARK.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_NFQUEUE.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_TCPMSS.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_TOS.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_comment.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_connbytes.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_connmark.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_conntrack.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_dccp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_dscp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_esp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_hashlimit.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_helper.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_iprange.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_length.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_limit.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_mac.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_mark.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_multiport.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_owner.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_physdev.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_pkttype.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_policy.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_recent.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_sctp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_state.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_string.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_tcpmss.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_tos.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_MARK.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_esp.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_length.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_limit.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_mac.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_mark.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_multiport.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_owner.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_physdev.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_policy.h
Alexey Dobriyan (1):
netfilter: nf_conntrack: netns fix re reliable conntrack event delivery
Eric Dumazet (1):
netfilter: bridge: refcount fix
Jan Engelhardt (19):
netfilter: xtables: remove xt_TOS v0
netfilter: xtables: remove xt_CONNMARK v0
netfilter: xtables: remove xt_MARK v0, v1
netfilter: xtables: remove xt_connmark v0
netfilter: xtables: remove xt_conntrack v0
netfilter: xtables: remove xt_iprange v0
netfilter: xtables: remove xt_mark v0
netfilter: xtables: remove xt_owner v0
netfilter: xtables: remove redirecting header files
netfilter: conntrack: switch hook PFs to nfproto
netfilter: xtables: switch hook PFs to nfproto
netfilter: xtables: switch table AFs to nfproto
netfilter: xtables: realign struct xt_target_param
netfilter: iptables: remove unused datalen variable
netfilter: xtables: use memcmp in unconditional check
netfilter: xtables: ignore unassigned hooks in check_entry_size_and_hooks
netfilter: xtables: check for unconditionality of policies
netfilter: xtables: check for standard verdicts in policies
netfilter: xtables: mark initial tables constant
Julius Volz (1):
IPVS: Add handling of incoming ICMPV6 messages
Maximilian Engelhardt (1):
netfilter: nf_nat: fix inverted logic for persistent NAT mappings
Patrick McHardy (6):
Merge branch 'master' of git://dev.medozas.de/linux
netfilter: nf_conntrack: log packets dropped by helpers
netlink: constify nlmsghdr arguments
netfilter: nfnetlink: constify message attributes and headers
netfilter: ip6t_eui: fix read outside array bounds
netfilter: ebt_ulog: fix checkentry return value
Rafael Laufer (1):
netfilter: nf_conntrack: add SCTP support for SO_ORIGINAL_DST
Simon Horman (1):
ipvs: Use atomic operations atomicly
Tobias Klauser (1):
netfilter: ebtables: Use %pM conversion specifier
next reply other threads:[~2009-09-10 16:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-10 16:11 Patrick McHardy [this message]
2009-09-10 16:11 ` netfilter 01/31: nf_conntrack: add SCTP support for SO_ORIGINAL_DST Patrick McHardy
2009-09-10 16:11 ` netfilter 02/31: ebtables: Use %pM conversion specifier Patrick McHardy
2009-09-10 16:11 ` netfilter 03/31: xtables: remove xt_TOS v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 04/31: xtables: remove xt_CONNMARK v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 05/31: xtables: remove xt_MARK v0, v1 Patrick McHardy
2009-09-10 16:11 ` netfilter 06/31: xtables: remove xt_connmark v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 07/31: xtables: remove xt_conntrack v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 08/31: xtables: remove xt_iprange v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 09/31: xtables: remove xt_mark v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 10/31: xtables: remove xt_owner v0 Patrick McHardy
2009-09-10 16:12 ` netfilter 11/31: xtables: remove redirecting header files Patrick McHardy
2009-09-10 16:12 ` netfilter 12/31: conntrack: switch hook PFs to nfproto Patrick McHardy
2009-09-10 16:12 ` netfilter 13/31: xtables: " Patrick McHardy
2009-09-10 16:12 ` netfilter 14/31: xtables: switch table AFs " Patrick McHardy
2009-09-10 16:12 ` netfilter 15/31: xtables: realign struct xt_target_param Patrick McHardy
2009-09-10 16:12 ` netfilter 16/31: iptables: remove unused datalen variable Patrick McHardy
2009-09-10 16:12 ` netfilter 17/31: xtables: use memcmp in unconditional check Patrick McHardy
2009-09-10 16:12 ` netfilter 18/31: xtables: ignore unassigned hooks in check_entry_size_and_hooks Patrick McHardy
2009-09-10 16:12 ` netfilter 19/31: xtables: check for unconditionality of policies Patrick McHardy
2009-09-10 16:12 ` netfilter 20/31: xtables: check for standard verdicts in policies Patrick McHardy
2009-09-10 16:12 ` netfilter 21/31: xtables: mark initial tables constant Patrick McHardy
2009-09-10 16:12 ` netfilter 22/31: nf_nat: fix inverted logic for persistent NAT mappings Patrick McHardy
2009-09-10 16:12 ` netfilter 23/31: bridge: refcount fix Patrick McHardy
2009-09-10 16:12 ` netfilter 24/31: nf_conntrack: log packets dropped by helpers Patrick McHardy
2009-09-10 16:12 ` netlink 25/31: constify nlmsghdr arguments Patrick McHardy
2009-09-10 16:12 ` netfilter 26/31: nfnetlink: constify message attributes and headers Patrick McHardy
2009-09-10 16:12 ` ipvs 27/31: Use atomic operations atomicly Patrick McHardy
2009-09-10 16:12 ` netfilter 28/31: nf_conntrack: netns fix re reliable conntrack event delivery Patrick McHardy
2009-09-10 16:12 ` netfilter 29/31: ip6t_eui: fix read outside array bounds Patrick McHardy
2009-09-10 16:12 ` IPVS 30/31: Add handling of incoming ICMPV6 messages Patrick McHardy
2009-09-10 16:12 ` netfilter 31/31: ebt_ulog: fix checkentry return value Patrick McHardy
2009-09-11 1:25 ` netfilter 00/31: netfilter 2.6.32 update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090910161142.31179.5256.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.