From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/35] Netfilter/IPVS updates for net-next
Date: Sat, 17 Oct 2015 13:32:35 +0200
Message-ID: <1445081590-2924-1-git-send-email-pablo@netfilter.org>

Hi David,

The following patchset contains Netfilter/IPVS updates for your net-next
tree. Most relevantly, updates for the nfnetlink_log to integrate with
conntrack, fixes for cttimeout and improvements for nf_queue core, they are:

1) Remove useless ifdef around static inline function in IPVS, from
   Eric W. Biederman.

2) Simplify the conntrack support for nfnetlink_queue: Merge
   nfnetlink_queue_ct.c file into nfnetlink_queue_core.c, then rename it back
   to nfnetlink_queue.c

3) Use y2038 safe timestamp from nfnetlink_queue.

4) Get rid of dead function definition in nf_conntrack, from Flavio
   Leitner.

5) Attach conntrack support for nfnetlink_log.c, from Ken-ichirou MATSUZAWA.
   This adds a new NETFILTER_NETLINK_GLUE_CT Kconfig switch that
   controls enabling both nfqueue and nflog integration with conntrack.
   The userspace application can request this via NFULNL_CFG_F_CONNTRACK
   configuration flag.

6) Remove unused netns variables in IPVS, from Eric W. Biederman and
   Simon Horman.

7) Put back the refcount on the cttimeout object from xt_CT.

8) Fix crash on cttimeout policy object removal. We have to flush out
   the cttimeout extension area of the conntrack not to refer to a nonexistent
   object that was just removed.

9) Make sure of rcu_callback completion before nfnetlink_cttimeout
   module removal.

10) Fix compilation warning in br_netfilter when no nf_defrag_ipv4 and
    nf_defrag_ipv6 are enabled. Patch from Arnd Bergmann.

11) Autoload ctnetlink dependencies when NFULNL_CFG_F_CONNTRACK is
    requested. Again from Ken-ichirou MATSUZAWA.

12) Don't use pointer to previous hook when reinjecting traffic via
    nf_queue with NF_REPEAT verdict since it may be already gone. This
    also avoids a deadloop if the userspace application keeps returning
    NF_REPEAT.

13) A bunch of cleanups for netfilter IPv4 and IPv6 code from Ian Morris.

14) Consolidate logger instance existence check in nfulnl_recv_config().

15) Fix broken atomicity when applying configuration updates to logger
    instances in nfnetlink_log.

16) Get rid of the .owner attribute in our hook object. We don't need
    this anymore since we're dropping pending packets that have escaped
    from the kernel when unremoving the hook. Patch from Florian Westphal.

17) Remove unnecessary rcu_read_lock() from nf_reinject code, we always
    assume RCU read side lock from .call_rcu in nfnetlink. Also from Florian.

18) Use static inline function instead of macros to define NF_HOOK() and
    NF_HOOK_COND() when no netfilter support is on, from Arnd Bergmann.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks!

----------------------------------------------------------------

The following changes since commit e96f78ab2703f3b0d512f6b469bc685d2ef20475:

  tcp/dccp: add SLAB_DESTROY_BY_RCU flag for request sockets (2015-10-03 13:25:20 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to c8d71d08aa23679f56e7072358383442c6ede352:

  netfilter: ipv4: whitespace around operators (2015-10-16 19:19:23 +0200)

----------------------------------------------------------------
Arnd Bergmann (2):
      netfilter: bridge: avoid unused label warning
      netfilter: turn NF_HOOK into an inline function

David Ahern (1):
      ipvs: Remove possibly unused variable from ip_vs_out

Eric W. Biederman (1):
      ipvs: Don't protect ip_vs_addr_is_unicast with CONFIG_SYSCTL

Flavio Leitner (1):
      netfilter: remove dead code

Florian Westphal (4):
      netfilter: nfqueue: don't use prev pointer
      netfilter: remove hook owner refcounting
      netfilter: make nf_queue_entry_get_refs return void
      netfilter: nf_queue: remove rcu_read_lock calls

Ian Morris (12):
      netfilter: ip6_tables: label placement
      netfilter: ip6_tables: function definition layout
      netfilter: ipv6: code indentation
      netfilter: ipv6: whitespace around operators
      netfilter: ip6_tables: ternary operator layout
      netfilter: ip6_tables: improve if statements
      netfilter: ipv6: pointer cast layout
      netfilter: ipv4: label placement
      netfilter: ipv4: ternary operator layout
      netfilter: ipv4: function definition layout
      netfilter: ipv4: code indentation
      netfilter: ipv4: whitespace around operators

Ken-ichirou MATSUZAWA (5):
      netfilter: nfnetlink_queue: rename related to nfqueue attaching conntrack info
      netfilter: Kconfig rename QUEUE_CT to GLUE_CT
      netfilter: ctnetlink: add const qualifier to nfnl_hook.get_ct
      netfilter: nfnetlink_log: allow to attach conntrack
      netfilter: nfnetlink_log: autoload nf_conntrack_netlink module NFQA_CFG_F_CONNTRACK config flag

Pablo Neira (1):
      netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity

Pablo Neira Ayuso (9):
      netfilter: nfnetlink_queue: get rid of nfnetlink_queue_ct.c
      netfilter: rename nfnetlink_queue_core.c to nfnetlink_queue.c
      Merge tag 'ipvs3-for-v4.4' of https://git.kernel.org/.../horms/ipvs-next
      netfilter: nfnetlink_queue: use y2038 safe timestamp
      netfilter: xt_CT: don't put back reference to timeout policy object
      netfilter: conntrack: fix crash on timeout object removal
      nfnetlink_cttimeout: add rcu_barrier() on module removal
      Merge tag 'ipvs4-for-v4.4' of https://git.kernel.org/.../horms/ipvs-next
      netfilter: nfnetlink_log: consolidate check for instance in nfulnl_recv_config()

Simon Horman (1):
      ipvs: Remove possibly unused variables from ip_vs_conn_net_{init,cleanup}

include/linux/netfilter.h | 36 +++++--
include/net/netfilter/nf_conntrack.h | 4 -
include/net/netfilter/nf_conntrack_timeout.h | 25 +++--
include/net/netfilter/nf_queue.h | 2 +-
include/net/netfilter/nfnetlink_queue.h | 51 ----------
include/uapi/linux/netfilter/nfnetlink_log.h | 3 +
net/bridge/br_netfilter_hooks.c | 23 +----
net/bridge/netfilter/ebtable_filter.c | 3 -
net/bridge/netfilter/ebtable_nat.c | 3 -
net/decnet/dn_route.c | 2 -
net/ipv4/netfilter/arp_tables.c | 12 +--
net/ipv4/netfilter/ip_tables.c | 20 ++--
net/ipv4/netfilter/ipt_CLUSTERIP.c | 8 +-
net/ipv4/netfilter/ipt_SYNPROXY.c | 4 +-
net/ipv4/netfilter/ipt_ah.c | 2 +-
net/ipv4/netfilter/iptable_nat.c | 4 -
net/ipv4/netfilter/iptable_security.c | 2 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 --
net/ipv4/netfilter/nf_defrag_ipv4.c | 2 -
net/ipv4/netfilter/nf_nat_snmp_basic.c | 2 +-
net/ipv6/netfilter/ip6_tables.c | 22 ++--
net/ipv6/netfilter/ip6t_SYNPROXY.c | 4 +-
net/ipv6/netfilter/ip6table_nat.c | 4 -
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 6 --
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 4 +-
net/ipv6/netfilter/nf_conntrack_reasm.c | 4 +-
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 2 -
net/ipv6/netfilter/nf_reject_ipv6.c | 4 +-
net/ipv6/netfilter/nft_chain_route_ipv6.c | 6 +-
net/netfilter/Kconfig | 15 +--
net/netfilter/Makefile | 2 -
net/netfilter/core.c | 11 +-
net/netfilter/ipvs/ip_vs_conn.c | 13 +--
net/netfilter/ipvs/ip_vs_core.c | 17 +---
net/netfilter/nf_conntrack_core.c | 12 ++-
net/netfilter/nf_conntrack_netlink.c | 98 +++++++++++++-----
net/netfilter/nf_queue.c | 38 ++-----
net/netfilter/nf_tables_api.c | 1 -
net/netfilter/nfnetlink_cttimeout.c | 34 +++++++
net/netfilter/nfnetlink_log.c | 83 +++++++++------
.../{nfnetlink_queue_core.c => nfnetlink_queue.c} | 70 +++++++++----
net/netfilter/nfnetlink_queue_ct.c | 113 ---------------------
net/netfilter/x_tables.c | 1 -
net/netfilter/xt_CT.c | 7 +-
security/selinux/hooks.c | 5 -
security/smack/smack_netfilter.c | 2 -
46 files changed, 348 insertions(+), 444 deletions(-)
delete mode 100644 include/net/netfilter/nfnetlink_queue.h
rename net/netfilter/{nfnetlink_queue_core.c => nfnetlink_queue.c} (95%)
delete mode 100644 net/netfilter/nfnetlink_queue_ct.c