From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: [PATCH 0/8] Netfilter updates for net-next Date: Fri, 10 Aug 2018 13:16:14 +0200 Message-ID: <20180810111622.3981-1-pablo@netfilter.org> Cc: davem@davemloft.net, netdev@vger.kernel.org To: netfilter-devel@vger.kernel.org Return-path: Received: from mail.us.es ([193.147.175.20]:33326 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726963AbeHJNqA (ORCPT ); Fri, 10 Aug 2018 09:46:00 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id 6DBA5D25F5 for ; Fri, 10 Aug 2018 13:14:14 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id 5FA9ADA7B9 for ; Fri, 10 Aug 2018 13:14:14 +0200 (CEST) Sender: netdev-owner@vger.kernel.org List-ID: Hi David, The following batch contains netfilter updates for your net-next tree: 1) Expose NFT_OSF_MAXGENRELEN maximum OS name length from the new OS passive fingerprint matching extension, from Fernando Fernandez. 2) Add extension to support for fine grain conntrack timeout policies from nf_tables. As preparation works, this patchset moves nf_ct_untimeout() to nf_conntrack_timeout and it also decouples the timeout policy from the ctnl_timeout object, most work done by Harsha Sharma. 3) Enable connection tracking when conntrack helper is in place. 4) Missing enumeration in uapi header when splitting original xt_osf to nfnetlink_osf, also from Fernando. 5) Fix a sparse warning due to incorrect typing in the nf_osf_find(), from Wei Yongjun. You can pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git Thanks. ---------------------------------------------------------------- The following changes since commit 981467033a37d916649647fa3afe1fe99bba1817: tc-testing: remove duplicate spaces in skbedit match patterns (2018-08-05 17:39:24 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD for you to fetch changes up to e7ea2a52ffaf60a211edc0df97dcf194d1257714: netfilter: nfnetlink_osf: fix using plain integer as NULL warning (2018-08-08 19:05:39 +0200) ---------------------------------------------------------------- Fernando Fernandez Mancera (2): netfilter: nft_osf: use NFT_OSF_MAXGENRELEN instead of IFNAMSIZ netfilter: nfnetlink_osf: add missing enum in nfnetlink_osf uapi header Harsha Sharma (2): netfilter: cttimeout: move ctnl_untimeout to nf_conntrack netfilter: nft_ct: add ct timeout support Pablo Neira Ayuso (3): netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object netfilter: remove ifdef around cttimeout in struct nf_conntrack_l4proto netfilter: nft_ct: enable conntrack for helpers Wei Yongjun (1): netfilter: nfnetlink_osf: fix using plain integer as NULL warning include/linux/netfilter/nfnetlink_osf.h | 12 -- include/net/netfilter/nf_conntrack_l4proto.h | 2 - include/net/netfilter/nf_conntrack_timeout.h | 21 ++- include/uapi/linux/netfilter/nf_tables.h | 15 +- include/uapi/linux/netfilter/nfnetlink_osf.h | 12 ++ include/uapi/linux/netfilter/xt_osf.h | 1 + net/netfilter/nf_conntrack_timeout.c | 21 ++- net/netfilter/nfnetlink_cttimeout.c | 55 +++---- net/netfilter/nfnetlink_osf.c | 2 +- net/netfilter/nft_ct.c | 218 ++++++++++++++++++++++++++- net/netfilter/nft_osf.c | 8 +- net/netfilter/xt_CT.c | 4 +- 12 files changed, 304 insertions(+), 67 deletions(-)