From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org
Subject: [PATCH net-next 0/8] netfilter: updates for net-next
Date: Mon, 1 Sep 2025 10:08:34 +0200 [thread overview]
Message-ID: <20250901080843.1468-1-fw@strlen.de> (raw)
Hi,
The following patchset contains Netfilter fixes for *net-next*:
1) prefer vmalloc_array in ebtables, from Qianfeng Rong.
2) Use csum_replace4 instead of open-coding it, from Christophe Leroy.
3+4) Get rid of GFP_ATOMIC in transaction object allocations, those
cause silly failures with large sets under memory pressure, from
myself.
5) Introduce new NFTA_DEVICE_PREFIX attribute in nftables netlink api,
re-using old NFTA_DEVICE_NAME led to confusion with different
kernel/userspace versions. This refines the wildcard interface
support added in 6.16 release. From Phil Sutter.
6) Remove test for AVX cpu feature in nftables pipapo set type,
testing for AVX2 feature is sufficient.
7) Unexport a few function in nf_reject infra: no external callers.
8) Extend payload offset to u16, this was restricted to values <=255
so far, from Fernando Fernandez Mancera.
Please, pull these changes from:
The following changes since commit 864ecc4a6dade82d3f70eab43dad0e277aa6fc78:
Merge branch 'net-add-rcu-safety-to-dst-dev' (2025-08-29 19:36:34 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-09-01
for you to fetch changes up to 0618948e58e09e1ebf59078bf5b7841bbd1ce1d2:
netfilter: nft_payload: extend offset to 65535 bytes (2025-09-01 09:53:17 +0200)
----------------------------------------------------------------
netfilter pull request nf-next-25-09-01
----------------------------------------------------------------
Christophe Leroy (1):
netfilter: nft_payload: Use csum_replace4() instead of opencoding
Fernando Fernandez Mancera (1):
netfilter: nft_payload: extend offset to 65535 bytes
Florian Westphal (4):
netfilter: nf_tables: allow iter callbacks to sleep
netfilter: nf_tables: all transaction allocations can now sleep
netfilter: nft_set_pipapo: remove redundant test for avx feature bit
netfilter: nf_reject: remove unneeded exports
Phil Sutter (1):
netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX
Qianfeng Rong (1):
netfilter: ebtables: Use vmalloc_array() to improve code
include/net/netfilter/ipv4/nf_reject.h | 8 --
include/net/netfilter/ipv6/nf_reject.h | 10 ---
include/net/netfilter/nf_tables.h | 2 +
include/net/netfilter/nf_tables_core.h | 2 +-
include/uapi/linux/netfilter/nf_tables.h | 2 +
net/bridge/netfilter/ebtables.c | 14 ++--
net/ipv4/netfilter/nf_reject_ipv4.c | 27 +++---
net/ipv6/netfilter/nf_reject_ipv6.c | 37 ++++++---
net/netfilter/nf_tables_api.c | 89 +++++++++++---------
net/netfilter/nft_payload.c | 20 +++--
net/netfilter/nft_set_hash.c | 100 ++++++++++++++++++++++-
net/netfilter/nft_set_pipapo.c | 3 +-
net/netfilter/nft_set_pipapo_avx2.c | 2 +-
net/netfilter/nft_set_rbtree.c | 35 ++++++--
14 files changed, 242 insertions(+), 109 deletions(-)
--
2.49.1
next reply other threads:[~2025-09-01 8:08 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-01 8:08 Florian Westphal [this message]
2025-09-01 8:08 ` [PATCH net-next 1/8] netfilter: ebtables: Use vmalloc_array() to improve code Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 2/8] netfilter: nft_payload: Use csum_replace4() instead of opencoding Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 3/8] netfilter: nf_tables: allow iter callbacks to sleep Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 4/8] netfilter: nf_tables: all transaction allocations can now sleep Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 5/8] netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX Florian Westphal
2025-09-01 20:46 ` Jakub Kicinski
2025-09-01 21:12 ` Pablo Neira Ayuso
2025-09-02 0:04 ` Florian Westphal
2025-09-02 13:03 ` Paolo Abeni
2025-09-01 8:08 ` [PATCH net-next 6/8] netfilter: nft_set_pipapo: remove redundant test for avx feature bit Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 7/8] netfilter: nf_reject: remove unneeded exports Florian Westphal
2025-09-01 8:08 ` [PATCH net-next 8/8] netfilter: nft_payload: extend offset to 65535 bytes Florian Westphal
2025-09-02 10:53 ` [PATCH net-next 0/8] netfilter: updates for net-next Florian Westphal
-- strict thread matches above, loose matches on Subject: below --
2023-12-22 11:57 [PATCH net-next 0/8] Netfilter " Pablo Neira Ayuso
2021-08-30 9:38 Pablo Neira Ayuso
2020-11-04 14:11 Pablo Neira Ayuso
2020-11-05 2:18 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250901080843.1468-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).