[PATCH net-next 00/10] Netfilter updates for net-next

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 00/10] Netfilter updates for net-next
Date: Wed, 11 Aug 2021 10:48:58 +0200	[thread overview]
Message-ID: <20210811084908.14744-1-pablo@netfilter.org> (raw)

Hi,

The following patchset contains Netfilter updates for net-next:

1) Use nfnetlink_unicast() instead of netlink_unicast() in nft_compat.

2) Remove call to nf_ct_l4proto_find() in flowtable offload timeout
   fixup.

3) CLUSTERIP registers ARP hook on demand, from Florian.

4) Use clusterip_net to store pernet warning, also from Florian.

5) Remove struct netns_xt, from Florian Westphal.

6) Enable ebtables hooks in initns on demand, from Florian.

7) Allow to filter conntrack netlink dump per status bits,
   from Florian Westphal.

8) Register x_tables hooks in initns on demand, from Florian.

9) Remove queue_handler from per-netns structure, again from Florian.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit aae950b189413ed3201354600d44223da0bcf63c:

  Merge branch 'clean-devlink-net-namespace-operations' (2021-07-30 13:16:40 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 8702997074363c294a1f83928cd0c33ca57bf813:

  netfilter: nf_queue: move hookfn registration out of struct net (2021-08-10 17:32:00 +0200)

----------------------------------------------------------------
Florian Westphal (8):
      netfilter: ipt_CLUSTERIP: only add arp mangle hook when required
      netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning
      netfilter: remove xt pernet data
      netfilter: ebtables: do not hook tables by default
      netfilter: ctnetlink: add and use a helper for mark parsing
      netfilter: ctnetlink: allow to filter dump by status bits
      netfilter: x_tables: never register tables by default
      netfilter: nf_queue: move hookfn registration out of struct net

Pablo Neira Ayuso (2):
      netfilter: nft_compat: use nfnetlink_unicast()
      netfilter: flowtable: remove nf_ct_l4proto_find() call

 include/linux/netfilter/x_tables.h                 |   6 +-
 include/linux/netfilter_bridge/ebtables.h          |   2 +
 include/net/net_namespace.h                        |   2 -
 include/net/netfilter/nf_queue.h                   |   4 +-
 include/net/netns/netfilter.h                      |   1 -
 include/net/netns/x_tables.h                       |  12 ---
 include/uapi/linux/netfilter/nfnetlink_conntrack.h |   1 +
 net/bridge/netfilter/ebtable_broute.c              |  17 +++-
 net/bridge/netfilter/ebtable_filter.c              |  17 +++-
 net/bridge/netfilter/ebtable_nat.c                 |  17 +++-
 net/bridge/netfilter/ebtables.c                    | 109 ++++++++++++++++++---
 net/ipv4/netfilter/arptable_filter.c               |  23 +++--
 net/ipv4/netfilter/ipt_CLUSTERIP.c                 |  56 +++++++----
 net/ipv4/netfilter/iptable_filter.c                |  24 +++--
 net/ipv4/netfilter/iptable_mangle.c                |  17 ++--
 net/ipv4/netfilter/iptable_nat.c                   |  20 ++--
 net/ipv4/netfilter/iptable_raw.c                   |  21 ++--
 net/ipv4/netfilter/iptable_security.c              |  23 +++--
 net/ipv6/netfilter/ip6table_filter.c               |  23 +++--
 net/ipv6/netfilter/ip6table_mangle.c               |  22 ++---
 net/ipv6/netfilter/ip6table_nat.c                  |  16 +--
 net/ipv6/netfilter/ip6table_raw.c                  |  24 +++--
 net/ipv6/netfilter/ip6table_security.c             |  22 ++---
 net/netfilter/nf_conntrack_netlink.c               |  76 +++++++++++---
 net/netfilter/nf_flow_table_core.c                 |  10 --
 net/netfilter/nf_queue.c                           |  19 ++--
 net/netfilter/nfnetlink_queue.c                    |  15 ++-
 net/netfilter/nft_compat.c                         |   8 +-
 net/netfilter/x_tables.c                           |  98 ++++++++++++++----
 net/netfilter/xt_CT.c                              |  11 ---
 30 files changed, 468 insertions(+), 248 deletions(-)
 delete mode 100644 include/net/netns/x_tables.h

next             reply	other threads:[~2021-08-11  8:49 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-11  8:48 Pablo Neira Ayuso [this message]
2021-08-11  8:48 ` [PATCH net-next 01/10] netfilter: nft_compat: use nfnetlink_unicast() Pablo Neira Ayuso
2021-08-11  9:30   ` patchwork-bot+netdevbpf
2021-08-11  8:49 ` [PATCH net-next 02/10] netfilter: flowtable: remove nf_ct_l4proto_find() call Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 03/10] netfilter: ipt_CLUSTERIP: only add arp mangle hook when required Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 04/10] netfilter: ipt_CLUSTERIP: use clusterip_net to store pernet warning Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 05/10] netfilter: remove xt pernet data Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 06/10] netfilter: ebtables: do not hook tables by default Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 07/10] netfilter: ctnetlink: add and use a helper for mark parsing Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 08/10] netfilter: ctnetlink: allow to filter dump by status bits Pablo Neira Ayuso
2021-08-11  8:49 ` [PATCH net-next 09/10] netfilter: x_tables: never register tables by default Pablo Neira Ayuso
2021-09-15  9:51   ` youling257
2021-09-15  9:56     ` Florian Westphal
2021-09-15 10:12       ` youling 257
2021-09-15 14:34         ` Florian Westphal
2021-09-15 15:53           ` youling 257
2021-09-16 12:24             ` Florian Westphal
2021-09-16 15:59               ` youling 257
2021-08-11  8:49 ` [PATCH net-next 10/10] netfilter: nf_queue: move hookfn registration out of struct net Pablo Neira Ayuso
  -- strict thread matches above, loose matches on Subject: below --
2023-08-22 15:43 [PATCH net-next 00/10] netfilter updates for net-next Florian Westphal
2022-10-26 13:22 [PATCH net-next 00/10] Netfilter " Pablo Neira Ayuso
2021-03-22 23:56 Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210811084908.14744-1-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.