From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/12] Netfilter updates for net-next
Date: Mon, 9 Mar 2015 18:14:23 +0100 [thread overview]
Message-ID: <1425921275-9171-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter updates for your net-next
tree. Basically, improvements for the packet rejection infrastructure,
deprecation of CLUSTERIP, cleanups for nf_tables and some untangling for
br_netfilter. More specifically they are:
1) Send packet to reset flow if checksum is valid, from Florian Westphal.
2) Fix nf_tables reject bridge from the input chain, also from Florian.
3) Deprecate the CLUSTERIP target, the cluster match supersedes it in
functionality and it's known to have problems.
4) A couple of cleanups for nf_tables rule tracing infrastructure, from
Patrick McHardy.
5) Another cleanup to place transaction declarations at the bottom of
nf_tables.h, also from Patrick.
6) Consolidate Kconfig dependencies wrt. NF_TABLES.
7) Limit table names to 32 bytes in nf_tables.
8) mac header copying in bridge netfilter is already required when
calling ip_fragment(), from Florian Westphal.
9) move nf_bridge_update_protocol() to br_netfilter.c, also from
Florian.
10) Small refactor in br_netfilter in the transmission path, again from
Florian.
11) Move br_nf_pre_routing_finish_bridge_slow() to br_netfilter.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
And I'd appreciate if you can pull net into net-next, Patrick has some
pending changes that require patches already your net tree.
Thanks a lot!
----------------------------------------------------------------
The following changes since commit b898441f4ece44933af90b116b467f7864dd1ae7:
Merge branch 'neigh_cleanups' (2015-03-02 16:43:46 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
for you to fetch changes up to e5de75bf88858f5b3ab11e2504b86ec059f03102:
netfilter: bridge: move DNAT helper to br_netfilter (2015-03-09 17:56:07 +0100)
----------------------------------------------------------------
Florian Westphal (5):
netfilter: reject: don't send icmp error if csum is invalid
netfilter: bridge: rework reject handling
bridge: move mac header copying into br_netfilter
netfilter: bridge: move nf_bridge_update_protocol to where its used
netfilter: bridge: refactor conditional in br_nf_dev_queue_xmit
Pablo Neira Ayuso (4):
netfilter: ipt_CLUSTERIP: deprecate it in favour of xt_cluster
netfilter: nf_tables: consolidate Kconfig options
netfilter: nf_tables: limit maximum table name length to 32 bytes
netfilter: bridge: move DNAT helper to br_netfilter
Patrick McHardy (3):
netfilter: nf_tables: minor tracing cleanups
netfilter: nf_tables: consolidate tracing invocations
netfilter: nf_tables: cleanup nf_tables.h
include/linux/netfilter_bridge.h | 51 ---------
include/net/netfilter/ipv4/nf_reject.h | 6 +-
include/net/netfilter/ipv6/nf_reject.h | 11 +-
include/net/netfilter/nf_tables.h | 176 +++++++++++++++---------------
include/net/netns/x_tables.h | 1 +
include/uapi/linux/netfilter/nf_tables.h | 1 +
net/bridge/br_device.c | 5 +-
net/bridge/br_forward.c | 4 +-
net/bridge/br_netfilter.c | 78 ++++++++++++-
net/bridge/br_private.h | 5 +
net/bridge/netfilter/nft_reject_bridge.c | 84 +++++++++++---
net/ipv4/netfilter/Kconfig | 38 ++++---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 7 ++
net/ipv4/netfilter/ipt_REJECT.c | 17 +--
net/ipv4/netfilter/nf_reject_ipv4.c | 23 ++++
net/ipv4/netfilter/nft_reject_ipv4.c | 3 +-
net/ipv6/netfilter/Kconfig | 18 +--
net/ipv6/netfilter/nf_reject_ipv6.c | 35 ++++++
net/netfilter/Kconfig | 20 +---
net/netfilter/nf_tables_api.c | 7 +-
net/netfilter/nf_tables_core.c | 105 +++++++++---------
net/netfilter/nft_reject_inet.c | 6 +-
22 files changed, 412 insertions(+), 289 deletions(-)
next reply other threads:[~2015-03-09 17:10 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-09 17:14 Pablo Neira Ayuso [this message]
2015-03-09 17:14 ` [PATCH 01/12] netfilter: reject: don't send icmp error if csum is invalid Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 02/12] netfilter: bridge: rework reject handling Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 03/12] netfilter: ipt_CLUSTERIP: deprecate it in favour of xt_cluster Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 04/12] netfilter: nf_tables: minor tracing cleanups Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 05/12] netfilter: nf_tables: consolidate tracing invocations Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 06/12] netfilter: nf_tables: cleanup nf_tables.h Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 07/12] netfilter: nf_tables: consolidate Kconfig options Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 08/12] netfilter: nf_tables: limit maximum table name length to 32 bytes Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 09/12] bridge: move mac header copying into br_netfilter Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 10/12] netfilter: bridge: move nf_bridge_update_protocol to where its used Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 11/12] netfilter: bridge: refactor conditional in br_nf_dev_queue_xmit Pablo Neira Ayuso
2015-03-09 17:14 ` [PATCH 12/12] netfilter: bridge: move DNAT helper to br_netfilter Pablo Neira Ayuso
2015-03-10 5:28 ` Simon Horman
2015-03-10 9:41 ` Pablo Neira Ayuso
2015-03-09 19:59 ` [PATCH 00/12] Netfilter updates for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2019-05-05 23:32 Pablo Neira Ayuso
2019-05-06 4:35 ` David Miller
2016-11-01 21:26 Pablo Neira Ayuso
2016-11-02 18:59 ` David Miller
2015-06-19 17:17 Pablo Neira Ayuso
2015-06-20 22:40 ` David Miller
2014-12-03 12:55 Pablo Neira Ayuso
2014-12-06 4:58 ` David Miller
2014-01-05 23:12 [PATCH 00/12] netfilter " Pablo Neira Ayuso
2013-06-30 23:54 Pablo Neira Ayuso
2013-07-01 0:35 ` David Miller
2013-03-25 12:15 [PATCH 00/12] Netfilter " pablo
2013-03-25 16:13 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1425921275-9171-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).