From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 0/8] Netfilter updates for net-next
Date: Mon, 30 Aug 2021 11:38:44 +0200 [thread overview]
Message-ID: <20210830093852.21654-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter updates for net-next:
1) Clean up and consolidate ct ecache infrastructure by merging ct and
expect notifiers, from Florian Westphal.
2) Missing counters and timestamp in nfnetlink_queue and _log conntrack
information.
3) Missing error check for xt_register_template() in iptables mangle,
as a incremental fix for the previous pull request, also from
Florian Westphal.
4) Add netfilter hooks for the SRv6 lightweigh tunnel driver, from
Ryoga Sato. The hooks are enabled via nf_hooks_lwtunnel sysctl
to make sure existing netfilter rulesets do not break. There is
a static key to disable the hooks by default.
The pktgen_bench_xmit_mode_netif_receive.sh shows no noticeable
impact in the seg6_input path for non-netfilter users: similar
numbers with and without this patch.
This is a sample of the perf report output:
11.67% kpktgend_0 [ipv6] [k] ipv6_get_saddr_eval
7.89% kpktgend_0 [ipv6] [k] __ipv6_addr_label
7.52% kpktgend_0 [ipv6] [k] __ipv6_dev_get_saddr
6.63% kpktgend_0 [kernel.vmlinux] [k] asm_exc_nmi
4.74% kpktgend_0 [ipv6] [k] fib6_node_lookup_1
3.48% kpktgend_0 [kernel.vmlinux] [k] pskb_expand_head
3.33% kpktgend_0 [ipv6] [k] ip6_rcv_core.isra.29
3.33% kpktgend_0 [ipv6] [k] seg6_do_srh_encap
2.53% kpktgend_0 [ipv6] [k] ipv6_dev_get_saddr
2.45% kpktgend_0 [ipv6] [k] fib6_table_lookup
2.24% kpktgend_0 [kernel.vmlinux] [k] ___cache_free
2.16% kpktgend_0 [ipv6] [k] ip6_pol_route
2.11% kpktgend_0 [kernel.vmlinux] [k] __ipv6_addr_type
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks.
----------------------------------------------------------------
The following changes since commit 87e5ef4b19cec86c861e3ebab3a5d840ecc2f4a4:
mctp: Remove the repeated declaration (2021-08-25 11:23:14 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 7a3f5b0de3647c854e34269c3332d7a1e902901a:
netfilter: add netfilter hooks to SRv6 data plane (2021-08-30 01:51:36 +0200)
----------------------------------------------------------------
Florian Westphal (5):
netfilter: ecache: remove one indent level
netfilter: ecache: remove another indent level
netfilter: ecache: add common helper for nf_conntrack_eventmask_report
netfilter: ecache: prepare for event notifier merge
netfilter: ecache: remove nf_exp_event_notifier structure
Lukas Bulwahn (1):
netfilter: x_tables: handle xt_register_template() returning an error value
Pablo Neira Ayuso (1):
netfilter: ctnetlink: missing counters and timestamp in nfnetlink_{log,queue}
Ryoga Saito (1):
netfilter: add netfilter hooks to SRv6 data plane
Documentation/networking/nf_conntrack-sysctl.rst | 7 +
include/net/lwtunnel.h | 3 +
include/net/netfilter/nf_conntrack_ecache.h | 32 ++--
include/net/netfilter/nf_hooks_lwtunnel.h | 7 +
include/net/netns/conntrack.h | 1 -
net/core/lwtunnel.c | 3 +
net/ipv4/netfilter/iptable_mangle.c | 2 +
net/ipv6/seg6_iptunnel.c | 75 +++++++-
net/ipv6/seg6_local.c | 111 ++++++++----
net/netfilter/Makefile | 3 +
net/netfilter/nf_conntrack_ecache.c | 211 +++++++++--------------
net/netfilter/nf_conntrack_netlink.c | 56 ++----
net/netfilter/nf_conntrack_standalone.c | 15 ++
net/netfilter/nf_hooks_lwtunnel.c | 53 ++++++
14 files changed, 345 insertions(+), 234 deletions(-)
create mode 100644 include/net/netfilter/nf_hooks_lwtunnel.h
create mode 100644 net/netfilter/nf_hooks_lwtunnel.c
next reply other threads:[~2021-08-30 9:39 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-30 9:38 Pablo Neira Ayuso [this message]
2021-08-30 9:38 ` [PATCH net-next 1/8] netfilter: ecache: remove one indent level Pablo Neira Ayuso
2021-08-30 10:00 ` patchwork-bot+netdevbpf
2021-08-30 9:38 ` [PATCH net-next 2/8] netfilter: ecache: remove another " Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 3/8] netfilter: ecache: add common helper for nf_conntrack_eventmask_report Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 4/8] netfilter: ecache: prepare for event notifier merge Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 5/8] netfilter: ecache: remove nf_exp_event_notifier structure Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 6/8] netfilter: ctnetlink: missing counters and timestamp in nfnetlink_{log,queue} Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 7/8] netfilter: x_tables: handle xt_register_template() returning an error value Pablo Neira Ayuso
2021-08-30 9:38 ` [PATCH net-next 8/8] netfilter: add netfilter hooks to SRv6 data plane Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2025-09-01 8:08 [PATCH net-next 0/8] netfilter: updates for net-next Florian Westphal
2025-09-02 10:53 ` Florian Westphal
2023-12-22 11:57 [PATCH net-next 0/8] Netfilter " Pablo Neira Ayuso
2020-11-04 14:11 Pablo Neira Ayuso
2020-11-05 2:18 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210830093852.21654-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).