From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/15] Netfilter/IPVS updates for net-next
Date: Sat, 1 Jun 2019 20:23:25 +0200 [thread overview]
Message-ID: <20190601182340.2662-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset container Netfilter/IPVS update for net-next:
1) Add UDP tunnel support for ICMP errors in IPVS.
Julian Anastasov says:
This patchset is a followup to the commit that adds UDP/GUE tunnel:
"ipvs: allow tunneling with gue encapsulation".
What we do is to put tunnel real servers in hash table (patch 1),
add function to lookup tunnels (patch 2) and use it to strip the
embedded tunnel headers from ICMP errors (patch 3).
2) Extend xt_owner to match for supplementary groups, from
Lukasz Pawelczyk.
3) Remove unused oif field in flow_offload_tuple object, from
Taehee Yoo.
4) Release basechain counters from workqueue to skip synchronize_rcu()
call. From Florian Westphal.
5) Replace skb_make_writable() by skb_ensure_writable(). Patchset
from Florian Westphal.
6) Checksum support for gue encapsulation in IPVS, from Jacky Hu.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks!
----------------------------------------------------------------
The following changes since commit 7b3ed2a137b077bc0967352088b0adb6049eed20:
Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue (2019-05-30 15:17:05 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 29930e314da3833437a2ddc7b17f6a954f38d8fb:
ipvs: add checksum support for gue encapsulation (2019-05-31 18:23:52 +0200)
----------------------------------------------------------------
Florian Westphal (9):
netfilter: nf_tables: free base chain counters from worker
netfilter: bridge: convert skb_make_writable to skb_ensure_writable
netfilter: ipvs: prefer skb_ensure_writable
netfilter: conntrack, nat: prefer skb_ensure_writable
netfilter: ipv4: prefer skb_ensure_writable
netfilter: nf_tables: prefer skb_ensure_writable
netfilter: xt_HL: prefer skb_ensure_writable
netfilter: tcpmss, optstrip: prefer skb_ensure_writable
netfilter: replace skb_make_writable with skb_ensure_writable
Jacky Hu (1):
ipvs: add checksum support for gue encapsulation
Julian Anastasov (3):
ipvs: allow rs_table to contain different real server types
ipvs: add function to find tunnels
ipvs: strip udp tunnel headers from icmp errors
Lukasz Pawelczyk (1):
netfilter: xt_owner: Add supplementary groups option
Taehee Yoo (1):
netfilter: nf_flow_table: remove unnecessary variable in flow_offload_tuple
include/linux/netfilter.h | 5 -
include/net/ip_vs.h | 8 ++
include/net/netfilter/nf_flow_table.h | 2 -
include/uapi/linux/ip_vs.h | 7 ++
include/uapi/linux/netfilter/xt_owner.h | 7 +-
net/bridge/netfilter/ebt_dnat.c | 2 +-
net/bridge/netfilter/ebt_redirect.c | 2 +-
net/bridge/netfilter/ebt_snat.c | 2 +-
net/ipv4/netfilter/arpt_mangle.c | 2 +-
net/ipv4/netfilter/ipt_ECN.c | 4 +-
net/ipv4/netfilter/nf_nat_h323.c | 2 +-
net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 2 +-
net/netfilter/core.c | 22 ----
net/netfilter/ipvs/ip_vs_app.c | 4 +-
net/netfilter/ipvs/ip_vs_core.c | 72 ++++++++++++-
net/netfilter/ipvs/ip_vs_ctl.c | 83 +++++++++++++--
net/netfilter/ipvs/ip_vs_ftp.c | 4 +-
net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +-
net/netfilter/ipvs/ip_vs_proto_tcp.c | 4 +-
net/netfilter/ipvs/ip_vs_proto_udp.c | 4 +-
net/netfilter/ipvs/ip_vs_xmit.c | 155 ++++++++++++++++++++++++----
net/netfilter/nf_conntrack_proto_sctp.c | 2 +-
net/netfilter/nf_conntrack_seqadj.c | 4 +-
net/netfilter/nf_flow_table_core.c | 1 -
net/netfilter/nf_nat_helper.c | 4 +-
net/netfilter/nf_nat_proto.c | 24 ++---
net/netfilter/nf_nat_sip.c | 2 +-
net/netfilter/nf_synproxy_core.c | 2 +-
net/netfilter/nf_tables_api.c | 26 ++---
net/netfilter/nfnetlink_queue.c | 2 +-
net/netfilter/nft_exthdr.c | 3 +-
net/netfilter/nft_payload.c | 6 +-
net/netfilter/xt_DSCP.c | 8 +-
net/netfilter/xt_HL.c | 4 +-
net/netfilter/xt_TCPMSS.c | 2 +-
net/netfilter/xt_TCPOPTSTRIP.c | 28 +++--
net/netfilter/xt_owner.c | 23 ++++-
37 files changed, 389 insertions(+), 149 deletions(-)
next reply other threads:[~2019-06-01 18:24 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-01 18:23 Pablo Neira Ayuso [this message]
2019-06-01 18:23 ` [PATCH 01/15] ipvs: allow rs_table to contain different real server types Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 02/15] ipvs: add function to find tunnels Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 03/15] ipvs: strip udp tunnel headers from icmp errors Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 04/15] netfilter: xt_owner: Add supplementary groups option Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 05/15] netfilter: nf_flow_table: remove unnecessary variable in flow_offload_tuple Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 06/15] netfilter: nf_tables: free base chain counters from worker Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 07/15] netfilter: bridge: convert skb_make_writable to skb_ensure_writable Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 08/15] netfilter: ipvs: prefer skb_ensure_writable Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 09/15] netfilter: conntrack, nat: " Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 10/15] netfilter: ipv4: " Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 11/15] netfilter: nf_tables: " Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 12/15] netfilter: xt_HL: " Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 13/15] netfilter: tcpmss, optstrip: " Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 14/15] netfilter: replace skb_make_writable with skb_ensure_writable Pablo Neira Ayuso
2019-06-01 18:23 ` [PATCH 15/15] ipvs: add checksum support for gue encapsulation Pablo Neira Ayuso
2019-06-01 23:45 ` [PATCH 00/15] Netfilter/IPVS updates for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2019-07-08 10:32 Pablo Neira Ayuso
2019-07-08 19:14 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190601182340.2662-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).