From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/25] Netfilter updates for net-next
Date: Tue, 4 Sep 2012 01:53:47 +0200 [thread overview]
Message-ID: <1346716452-3080-1-git-send-email-pablo@netfilter.org> (raw)
From: Pablo Neira Ayuso <pablo@netfilter.org>
Hi David,
The following patchset contains updates for your net-next tree, the most
relevant thing here is the new IPv6 NAT support from Patrick McHardy.
More specifically, they are:
* Several patches to prepare IPv6 NAT support, including one to improve
IPv6 fragmentation handling for Netfilter and IPVS from Patrick McHardy
and Jesper Dangaard respectively.
* IPv6 NAT support for source/destination NAT, masquerading, redirection
and network mapping, again from Patrick.
* A new target that allows stateless Network Prefix Translation (NPT)
for IPv6, also from Patrick.
* Changes in existing helpers to support IPv6 NAT, mostly and Patrick and
a couple from myself.
* Removal of xt_NOTRACK that has now been superseded by the CT target, from
Cong Wang.
* Minor cleanups from Jan Beulich, Michael Wang and myself.
You can pull these changes from:
git://1984.lsi.us.es/nf-next master
P.S: I merged your net-next tree to nf-next to make sure there were no
conflicts with one recent SIP NAT helper fix pushed to net and Patrick's
SIP helper conversion to support IPv6 NAT.
Thanks!
Cong Wang (1):
netfilter: remove xt_NOTRACK
Jan Beulich (1):
netfilter: properly annotate ipv4_netfilter_{init,fini}()
Jesper Dangaard Brouer (1):
ipvs: IPv6 MTU checking cleanup and bugfix
Michael Wang (2):
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_iterate()
netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue()
Pablo Neira Ayuso (5):
netfilter: nf_nat: support IPv6 in IRC NAT helper
netfilter: nf_nat: support IPv6 in TFTP NAT helper
netfilter: xt_socket: fix compilation warnings with gcc 4.7
netfilter: xt_CT: refactorize xt_ct_tg_check
netfilter: nf_conntrack: add nf_ct_timeout_lookup
Patrick McHardy (15):
netfilter: nf_conntrack_ipv6: improve fragmentation handling
netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments
netfilter: nf_conntrack: restrict NAT helper invocation to IPv4
netfilter: nf_nat: add protoff argument to packet mangling functions
netfilter: add protocol independent NAT core
netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change
net: core: add function for incremental IPv6 pseudo header checksum updates
netfilter: ipv6: add IPv6 NAT support
netfilter: ip6tables: add MASQUERADE target
netfilter: ip6tables: add REDIRECT target
netfilter: ip6tables: add NETMAP target
netfilter: nf_nat: support IPv6 in FTP NAT helper
netfilter: nf_nat: support IPv6 in amanda NAT helper
netfilter: nf_nat: support IPv6 in SIP NAT helper
netfilter: ip6tables: add stateless IPv6-to-IPv6 Network Prefix Translation target
Documentation/feature-removal-schedule.txt | 8 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/ar7_defconfig | 1 -
arch/mips/configs/bcm47xx_defconfig | 1 -
arch/mips/configs/ip22_defconfig | 1 -
arch/mips/configs/jazz_defconfig | 1 -
arch/mips/configs/malta_defconfig | 1 -
arch/mips/configs/markeins_defconfig | 1 -
arch/mips/configs/nlm_xlp_defconfig | 1 -
arch/mips/configs/nlm_xlr_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/powerpc/configs/pmac32_defconfig | 1 -
arch/powerpc/configs/ppc64_defconfig | 1 -
arch/powerpc/configs/ppc64e_defconfig | 1 -
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/tile/configs/tilegx_defconfig | 1 -
arch/tile/configs/tilepro_defconfig | 1 -
include/linux/ipv6.h | 1 +
include/linux/netfilter.h | 14 +-
include/linux/netfilter/nf_conntrack_amanda.h | 1 +
include/linux/netfilter/nf_conntrack_ftp.h | 1 +
include/linux/netfilter/nf_conntrack_h323.h | 15 +-
include/linux/netfilter/nf_conntrack_irc.h | 1 +
include/linux/netfilter/nf_conntrack_pptp.h | 2 +
include/linux/netfilter/nf_conntrack_sip.h | 21 +-
include/linux/netfilter/nf_nat.h | 8 +
include/linux/netfilter/nfnetlink_conntrack.h | 8 +-
include/linux/netfilter_ipv4.h | 1 -
include/linux/netfilter_ipv6/Kbuild | 1 +
include/linux/netfilter_ipv6/ip6t_NPT.h | 16 +
include/net/addrconf.h | 2 +-
include/net/checksum.h | 3 +
include/net/netfilter/nf_conntrack_expect.h | 2 +-
include/net/netfilter/nf_conntrack_timeout.h | 20 +
include/net/netfilter/nf_nat.h | 6 +-
include/net/netfilter/nf_nat_core.h | 5 +-
include/net/netfilter/nf_nat_helper.h | 11 +-
include/net/netfilter/nf_nat_l3proto.h | 52 ++
include/net/netfilter/nf_nat_l4proto.h | 72 ++
include/net/netfilter/nf_nat_protocol.h | 67 --
include/net/netfilter/nf_nat_rule.h | 15 -
include/net/netns/conntrack.h | 4 +
include/net/netns/ipv4.h | 2 -
include/net/netns/ipv6.h | 1 +
net/core/secure_seq.c | 1 +
net/core/utils.c | 20 +
net/ipv4/netfilter.c | 41 +-
net/ipv4/netfilter/Kconfig | 69 +-
net/ipv4/netfilter/Makefile | 16 +-
net/ipv4/netfilter/ipt_MASQUERADE.c | 18 +-
net/ipv4/netfilter/ipt_NETMAP.c | 15 +-
net/ipv4/netfilter/ipt_REDIRECT.c | 15 +-
net/ipv4/netfilter/iptable_nat.c | 320 +++++++++
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 8 +-
net/ipv4/netfilter/nf_nat_amanda.c | 85 ---
net/ipv4/netfilter/nf_nat_core.c | 763 ---------------------
net/ipv4/netfilter/nf_nat_ftp.c | 137 ----
net/ipv4/netfilter/nf_nat_h323.c | 71 +-
net/ipv4/netfilter/nf_nat_helper.c | 458 -------------
net/ipv4/netfilter/nf_nat_irc.c | 99 ---
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c | 281 ++++++++
net/ipv4/netfilter/nf_nat_pptp.c | 21 +-
net/ipv4/netfilter/nf_nat_proto_common.c | 114 ----
net/ipv4/netfilter/nf_nat_proto_dccp.c | 106 ---
net/ipv4/netfilter/nf_nat_proto_gre.c | 30 +-
net/ipv4/netfilter/nf_nat_proto_icmp.c | 24 +-
net/ipv4/netfilter/nf_nat_proto_sctp.c | 96 ---
net/ipv4/netfilter/nf_nat_proto_tcp.c | 91 ---
net/ipv4/netfilter/nf_nat_proto_udp.c | 82 ---
net/ipv4/netfilter/nf_nat_proto_udplite.c | 98 ---
net/ipv4/netfilter/nf_nat_proto_unknown.c | 52 --
net/ipv4/netfilter/nf_nat_rule.c | 214 ------
net/ipv4/netfilter/nf_nat_sip.c | 569 ----------------
net/ipv4/netfilter/nf_nat_standalone.c | 326 ---------
net/ipv4/netfilter/nf_nat_tftp.c | 51 --
net/ipv6/addrconf.c | 2 +-
net/ipv6/ip6_output.c | 7 +-
net/ipv6/netfilter.c | 8 +
net/ipv6/netfilter/Kconfig | 54 ++
net/ipv6/netfilter/Makefile | 8 +
net/ipv6/netfilter/ip6t_MASQUERADE.c | 135 ++++
net/ipv6/netfilter/ip6t_NETMAP.c | 94 +++
net/ipv6/netfilter/ip6t_NPT.c | 165 +++++
net/ipv6/netfilter/ip6t_REDIRECT.c | 98 +++
net/ipv6/netfilter/ip6table_nat.c | 321 +++++++++
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 137 ++--
net/ipv6/netfilter/nf_conntrack_reasm.c | 19 +-
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c | 287 ++++++++
net/ipv6/netfilter/nf_nat_proto_icmpv6.c | 90 +++
net/netfilter/Kconfig | 62 +-
net/netfilter/Makefile | 19 +-
net/netfilter/core.c | 25 +-
net/netfilter/ipvs/ip_vs_ftp.c | 1 +
net/netfilter/ipvs/ip_vs_xmit.c | 28 +-
net/netfilter/nf_conntrack_amanda.c | 5 +-
net/netfilter/nf_conntrack_core.c | 13 +-
net/netfilter/nf_conntrack_ftp.c | 3 +-
net/netfilter/nf_conntrack_h323_main.c | 232 ++++---
net/netfilter/nf_conntrack_irc.c | 3 +-
net/netfilter/nf_conntrack_netlink.c | 35 +-
net/netfilter/nf_conntrack_pptp.c | 18 +-
net/netfilter/nf_conntrack_proto_tcp.c | 8 +-
net/netfilter/nf_conntrack_sip.c | 143 ++--
net/netfilter/nf_internals.h | 4 +-
net/netfilter/nf_nat_amanda.c | 85 +++
net/netfilter/nf_nat_core.c | 856 ++++++++++++++++++++++++
net/netfilter/nf_nat_ftp.c | 143 ++++
net/netfilter/nf_nat_helper.c | 435 ++++++++++++
net/netfilter/nf_nat_irc.c | 93 +++
net/netfilter/nf_nat_proto_common.c | 112 ++++
net/netfilter/nf_nat_proto_dccp.c | 116 ++++
net/netfilter/nf_nat_proto_sctp.c | 103 +++
net/netfilter/nf_nat_proto_tcp.c | 85 +++
net/netfilter/nf_nat_proto_udp.c | 76 +++
net/netfilter/nf_nat_proto_udplite.c | 106 +++
net/netfilter/nf_nat_proto_unknown.c | 54 ++
net/netfilter/nf_nat_sip.c | 609 +++++++++++++++++
net/netfilter/nf_nat_tftp.c | 50 ++
net/netfilter/nf_queue.c | 10 +-
net/netfilter/xt_CT.c | 262 ++++----
net/netfilter/xt_NOTRACK.c | 53 --
net/netfilter/xt_nat.c | 170 +++++
net/netfilter/xt_socket.c | 12 +-
134 files changed, 5959 insertions(+), 4173 deletions(-)
create mode 100644 include/linux/netfilter_ipv6/ip6t_NPT.h
create mode 100644 include/net/netfilter/nf_nat_l3proto.h
create mode 100644 include/net/netfilter/nf_nat_l4proto.h
delete mode 100644 include/net/netfilter/nf_nat_protocol.h
delete mode 100644 include/net/netfilter/nf_nat_rule.h
create mode 100644 net/ipv4/netfilter/iptable_nat.c
delete mode 100644 net/ipv4/netfilter/nf_nat_amanda.c
delete mode 100644 net/ipv4/netfilter/nf_nat_core.c
delete mode 100644 net/ipv4/netfilter/nf_nat_ftp.c
delete mode 100644 net/ipv4/netfilter/nf_nat_helper.c
delete mode 100644 net/ipv4/netfilter/nf_nat_irc.c
create mode 100644 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_common.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_dccp.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_sctp.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_tcp.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_udp.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_udplite.c
delete mode 100644 net/ipv4/netfilter/nf_nat_proto_unknown.c
delete mode 100644 net/ipv4/netfilter/nf_nat_rule.c
delete mode 100644 net/ipv4/netfilter/nf_nat_sip.c
delete mode 100644 net/ipv4/netfilter/nf_nat_standalone.c
delete mode 100644 net/ipv4/netfilter/nf_nat_tftp.c
create mode 100644 net/ipv6/netfilter/ip6t_MASQUERADE.c
create mode 100644 net/ipv6/netfilter/ip6t_NETMAP.c
create mode 100644 net/ipv6/netfilter/ip6t_NPT.c
create mode 100644 net/ipv6/netfilter/ip6t_REDIRECT.c
create mode 100644 net/ipv6/netfilter/ip6table_nat.c
create mode 100644 net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
create mode 100644 net/ipv6/netfilter/nf_nat_proto_icmpv6.c
create mode 100644 net/netfilter/nf_nat_amanda.c
create mode 100644 net/netfilter/nf_nat_core.c
create mode 100644 net/netfilter/nf_nat_ftp.c
create mode 100644 net/netfilter/nf_nat_helper.c
create mode 100644 net/netfilter/nf_nat_irc.c
create mode 100644 net/netfilter/nf_nat_proto_common.c
create mode 100644 net/netfilter/nf_nat_proto_dccp.c
create mode 100644 net/netfilter/nf_nat_proto_sctp.c
create mode 100644 net/netfilter/nf_nat_proto_tcp.c
create mode 100644 net/netfilter/nf_nat_proto_udp.c
create mode 100644 net/netfilter/nf_nat_proto_udplite.c
create mode 100644 net/netfilter/nf_nat_proto_unknown.c
create mode 100644 net/netfilter/nf_nat_sip.c
create mode 100644 net/netfilter/nf_nat_tftp.c
delete mode 100644 net/netfilter/xt_NOTRACK.c
create mode 100644 net/netfilter/xt_nat.c
--
1.7.10.4
next reply other threads:[~2012-09-03 23:53 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-03 23:53 pablo [this message]
2012-09-03 23:53 ` [PATCH 01/25] ipvs: IPv6 MTU checking cleanup and bugfix pablo
2012-09-03 23:53 ` [PATCH 02/25] netfilter: nf_conntrack_ipv6: improve fragmentation handling pablo
2012-09-03 23:53 ` [PATCH 03/25] netfilter: nf_conntrack_ipv6: fix tracking of ICMPv6 error messages containing fragments pablo
2012-09-03 23:53 ` [PATCH 04/25] netfilter: nf_conntrack: restrict NAT helper invocation to IPv4 pablo
2012-09-03 23:53 ` [PATCH 05/25] netfilter: nf_nat: add protoff argument to packet mangling functions pablo
2012-09-03 23:53 ` [PATCH 06/25] netfilter: add protocol independent NAT core pablo
2012-09-03 23:53 ` [PATCH 07/25] netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change pablo
2012-09-03 23:53 ` [PATCH 08/25] net: core: add function for incremental IPv6 pseudo header checksum updates pablo
2012-09-03 23:53 ` [PATCH 09/25] netfilter: ipv6: add IPv6 NAT support pablo
2012-09-03 23:53 ` [PATCH 10/25] netfilter: ip6tables: add MASQUERADE target pablo
2012-09-03 23:53 ` [PATCH 11/25] netfilter: ip6tables: add REDIRECT target pablo
2012-09-03 23:53 ` [PATCH 12/25] netfilter: ip6tables: add NETMAP target pablo
2012-09-03 23:54 ` [PATCH 13/25] netfilter: nf_nat: support IPv6 in FTP NAT helper pablo
2012-09-03 23:54 ` [PATCH 14/25] netfilter: nf_nat: support IPv6 in amanda " pablo
2012-09-03 23:54 ` [PATCH 15/25] netfilter: nf_nat: support IPv6 in SIP " pablo
2012-09-04 23:14 ` Eric W. Biederman
2012-09-03 23:54 ` [PATCH 16/25] netfilter: nf_nat: support IPv6 in IRC " pablo
2012-09-03 23:54 ` [PATCH 17/25] netfilter: nf_nat: support IPv6 in TFTP " pablo
2012-09-03 23:54 ` [PATCH 18/25] netfilter: ip6tables: add stateless IPv6-to-IPv6 Network Prefix Translation target pablo
2012-09-03 23:54 ` [PATCH 19/25] netfilter: xt_socket: fix compilation warnings with gcc 4.7 pablo
2012-09-03 23:54 ` [PATCH 20/25] netfilter: xt_CT: refactorize xt_ct_tg_check pablo
2012-09-03 23:54 ` [PATCH 21/25] netfilter: nf_conntrack: add nf_ct_timeout_lookup pablo
2012-09-03 23:54 ` [PATCH 22/25] netfilter: remove xt_NOTRACK pablo
2012-09-03 23:54 ` [PATCH 23/25] netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_iterate() pablo
2012-09-03 23:54 ` [PATCH 24/25] netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue() pablo
2012-09-03 23:54 ` [PATCH 25/25] netfilter: properly annotate ipv4_netfilter_{init,fini}() pablo
2012-09-04 0:39 ` [PATCH 00/25] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1346716452-3080-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).