From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/21] Netfilter updates for net-next
Date: Mon, 18 May 2015 18:25:03 +0200 [thread overview]
Message-ID: <1431966324-4494-1-git-send-email-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter updates for net-next. Briefly
speaking, cleanups and minor fixes for ipset from Jozsef Kadlecsik and
Serget Popovich, more incremental updates to make br_netfilter a better
place from Florian Westphal, ARP support to the x_tables mark match /
target from and context Zhang Chunyu and the addition of context to know
that the x_tables runs through nft_compat. More specifically, they are:
1) Fix sparse warning in ipset/ip_set_hash_ipmark.c when fetching the
IPSET_ATTR_MARK netlink attribute, from Jozsef Kadlecsik.
2) Rename STREQ macro to STRNCMP in ipset, also from Jozsef.
3) Use skb->network_header to calculate the transport offset in
ip_set_get_ip{4,6}_port(). From Alexander Drozdov.
4) Reduce memory consumption per element due to size miscalculation,
this patch and follow up patches from Sergey Popovich.
5) Expand nomatch field from 1 bit to 8 bits to allow to simplify
mtype_data_reset_flags(), also from Sergey.
6) Small clean for ipset macro trickery.
7) Fix error reporting when both ip_set_get_hostipaddr4() and
ip_set_get_extensions() from per-set uadt functions.
8) Simplify IPSET_ATTR_PORT netlink attribute validation.
9) Introduce HOST_MASK instead of hardcoded 32 in ipset.
10) Return true/false instead of 0/1 in functions that return boolean
in the ipset code.
11) Validate maximum length of the IPSET_ATTR_COMMENT netlink attribute.
12) Allow to dereference from ext_*() ipset macros.
13) Get rid of incorrect definitions of HKEY_DATALEN.
14) Include linux/netfilter/ipset/ip_set.h in the x_tables set match.
15) Reduce nf_bridge_info size in br_netfilter, from Florian Westphal.
16) Release nf_bridge_info after POSTROUTING since this is only needed
from the physdev match, also from Florian.
17) Reduce size of ipset code by deinlining ip_set_put_extensions(),
from Denys Vlasenko.
18) Oneliner to add ARP support to the x_tables mark match/target, from
Zhang Chunyu.
19) Add context to know if the x_tables extension runs from nft_compat,
to address minor problems with three existing extensions.
20) Correct return value in several seqfile *_show() functions in the
netfilter tree, from Joe Perches.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks!
----------------------------------------------------------------
The following changes since commit 9449c3cd90472141cf081af88181a56163ff7132:
net: make skb_dst_pop routine static (2015-05-12 23:19:49 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
for you to fetch changes up to 861fb1078fd4ea09b442987b3e20fced0f15eb92:
netfilter: Use correct return for seq_show functions (2015-05-17 17:25:35 +0200)
----------------------------------------------------------------
Alexander Drozdov (1):
netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset
Denys Vlasenko (1):
netfilter: ipset: deinline ip_set_put_extensions()
Florian Westphal (2):
netfilter: bridge: neigh_head and physoutdev can't be used at same time
netfilter: bridge: free nf_bridge info on xmit
Joe Perches (1):
netfilter: Use correct return for seq_show functions
Jozsef Kadlecsik (3):
netfilter: ipset: Fix sparse warning
netfilter: ipset: Give a better name to a macro in ip_set_core.c
netfilter: ipset: Use better include files in xt_set.c
Pablo Neira Ayuso (1):
netfilter: x_tables: add context to know if extension runs from nft_compat
Sergey Popovich (11):
netfilter: ipset: Properly calculate extensions offsets and total length
netfilter: ipset: No need to make nomatch bitfield
netfilter: ipset: Preprocessor directices cleanup
netfilter: ipset: Return ipset error instead of bool
netfilter: ipset: Check IPSET_ATTR_PORT only once
netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len
netfilter: ipset: Return bool values instead of int
netfilter: ipset: Check for comment netlink attribute length
netfilter: ipset: Fix ext_*() macros
netfilter: ipset: Fix hashing for ipv6 sets
netfilter: ipset: Improve preprocessor macros checks
Zhang Chunyu (1):
netfilter: xt_MARK: Add ARP support
include/linux/netfilter/ipset/ip_set.h | 32 +++-------------
include/linux/netfilter/x_tables.h | 2 +
include/linux/skbuff.h | 8 ++--
net/bridge/br_netfilter.c | 19 +++++++++-
net/bridge/netfilter/ebt_stp.c | 6 ++-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 5 +++
net/netfilter/ipset/ip_set_bitmap_ip.c | 17 ++++++---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 13 +++++--
net/netfilter/ipset/ip_set_bitmap_port.c | 3 +-
net/netfilter/ipset/ip_set_core.c | 49 ++++++++++++++++++------
net/netfilter/ipset/ip_set_getport.c | 6 ++-
net/netfilter/ipset/ip_set_hash_gen.h | 22 +++++++++--
net/netfilter/ipset/ip_set_hash_ip.c | 33 ++++++++--------
net/netfilter/ipset/ip_set_hash_ipmark.c | 43 ++++++++++-----------
net/netfilter/ipset/ip_set_hash_ipport.c | 49 +++++++++++-------------
net/netfilter/ipset/ip_set_hash_ipportip.c | 40 ++++++++++----------
net/netfilter/ipset/ip_set_hash_ipportnet.c | 40 ++++++++++----------
net/netfilter/ipset/ip_set_hash_mac.c | 11 ++++--
net/netfilter/ipset/ip_set_hash_net.c | 28 ++++++++------
net/netfilter/ipset/ip_set_hash_netiface.c | 29 +++++++-------
net/netfilter/ipset/ip_set_hash_netnet.c | 30 ++++++++++-----
net/netfilter/ipset/ip_set_hash_netport.c | 38 +++++++++----------
net/netfilter/ipset/ip_set_hash_netportnet.c | 52 ++++++++++++++------------
net/netfilter/ipset/ip_set_list_set.c | 3 +-
net/netfilter/nfnetlink_queue_core.c | 2 +-
net/netfilter/nft_compat.c | 2 +
net/netfilter/x_tables.c | 18 +++------
net/netfilter/xt_TCPMSS.c | 6 +++
net/netfilter/xt_mark.c | 1 +
net/netfilter/xt_set.c | 3 +-
30 files changed, 346 insertions(+), 264 deletions(-)
next reply other threads:[~2015-05-18 16:20 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-18 16:25 Pablo Neira Ayuso [this message]
2015-05-18 16:25 ` [PATCH 01/21] netfilter: ipset: Fix sparse warning Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 02/21] netfilter: ipset: Give a better name to a macro in ip_set_core.c Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 03/21] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 04/21] netfilter: ipset: Properly calculate extensions offsets and total length Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 05/21] netfilter: ipset: No need to make nomatch bitfield Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 06/21] netfilter: ipset: Preprocessor directices cleanup Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 07/21] netfilter: ipset: Return ipset error instead of bool Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 08/21] netfilter: ipset: Check IPSET_ATTR_PORT only once Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 09/21] netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 10/21] netfilter: ipset: Return bool values instead of int Pablo Neira Ayuso
2015-05-18 16:31 ` Joe Perches
2015-05-18 16:52 ` Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 11/21] netfilter: ipset: Check for comment netlink attribute length Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 12/21] netfilter: ipset: Fix ext_*() macros Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 13/21] netfilter: ipset: Fix hashing for ipv6 sets Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 14/21] netfilter: ipset: Improve preprocessor macros checks Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 15/21] netfilter: ipset: Use better include files in xt_set.c Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 16/21] netfilter: bridge: neigh_head and physoutdev can't be used at same time Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 17/21] netfilter: bridge: free nf_bridge info on xmit Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 18/21] netfilter: ipset: deinline ip_set_put_extensions() Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 19/21] netfilter: xt_MARK: Add ARP support Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 20/21] netfilter: x_tables: add context to know if extension runs from nft_compat Pablo Neira Ayuso
2015-05-18 16:25 ` [PATCH 21/21] netfilter: Use correct return for seq_show functions Pablo Neira Ayuso
2015-05-18 18:48 ` [PATCH 00/21] Netfilter updates for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-01-18 20:13 Pablo Neira Ayuso
2020-01-19 9:33 ` David Miller
2018-08-05 21:21 Pablo Neira Ayuso
2018-08-06 0:06 ` David Miller
2017-02-12 19:42 Pablo Neira Ayuso
2017-02-13 3:12 ` David Miller
2015-04-13 19:29 Pablo Neira Ayuso
2015-04-14 2:18 ` David Miller
2013-01-25 13:54 [PATCH 00/21] netfilter " pablo
2013-01-27 5:56 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431966324-4494-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).