From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/21] Netfilter updates for net-next
Date: Sun, 12 Feb 2017 20:42:32 +0100 [thread overview]
Message-ID: <1486928573-24773-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter updates for your net-next
tree, most relevantly they are:
1) Extend nft_exthdr to allow to match TCP options bitfields, from
Manuel Messner.
2) Allow to check if IPv6 extension header is present in nf_tables,
from Phil Sutter.
3) Allow to set and match conntrack zone in nf_tables, patches from
Florian Westphal.
4) Several patches for the nf_tables set infrastructure, this includes
cleanup and preparatory patches to add the new bitmap set type.
5) Add optional ruleset generation ID check to nf_tables and allow to
delete rules that got no public handle yet via NFTA_RULE_ID. These
patches add the missing kernel infrastructure to support rule
deletion by description from userspace.
6) Missing NFT_SET_OBJECT flag to select the right backend when sets
stores an object map.
7) A couple of cleanups for the expectation and SIP helper, from Gao
feng.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks!
----------------------------------------------------------------
The following changes since commit 6e7bc478c9a006c701c14476ec9d389a484b4864:
net: skb_needs_check() accepts CHECKSUM_NONE for tx (2017-02-03 17:33:01 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 7286ff7fde9f963736c7e575572899d8e16b06b7:
netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection (2017-02-12 14:45:14 +0100)
----------------------------------------------------------------
Florian Westphal (3):
netfilter: nft_ct: add zone id get support
netfilter: nft_ct: prepare for key-dependent error unwind
netfilter: nft_ct: add zone id set support
Gao Feng (2):
netfilter: nf_ct_sip: Use mod_timer_pending()
netfilter: nf_ct_expect: nf_ct_expect_insert() returns void
Manuel Messner (1):
netfilter: nft_exthdr: add TCP option matching
Pablo Neira Ayuso (14):
netfilter: nf_tables: pass netns to set->ops->remove()
netfilter: nf_tables: use struct nft_set_iter in set element flush
netfilter: nf_tables: rename deactivate_one() to flush()
netfilter: nf_tables: add flush field to struct nft_set_iter
netfilter: nf_tables: rename struct nft_set_estimate class field
netfilter: nf_tables: add space notation to sets
netfilter: nf_tables: add bitmap set type
netfilter: nfnetlink: get rid of u_intX_t types
netfilter: nfnetlink: add nfnetlink_rcv_skb_batch()
netfilter: nfnetlink: allow to check for generation ID
netfilter: nf_tables: add check_genid to the nfnetlink subsystem
netfilter: nf_tables: add NFTA_RULE_ID attribute
netfilter: update MAINTAINERS
netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection
Phil Sutter (1):
netfilter: nft_exthdr: Add support for existence check
MAINTAINERS | 3 +-
include/linux/netfilter/nfnetlink.h | 1 +
include/net/netfilter/nf_tables.h | 21 ++-
include/uapi/linux/netfilter/nf_tables.h | 27 ++-
include/uapi/linux/netfilter/nfnetlink.h | 12 ++
net/netfilter/Kconfig | 10 +-
net/netfilter/Makefile | 1 +
net/netfilter/nf_conntrack_expect.c | 8 +-
net/netfilter/nf_conntrack_sip.c | 12 +-
net/netfilter/nf_tables_api.c | 89 ++++++---
net/netfilter/nfnetlink.c | 90 ++++++---
net/netfilter/nft_ct.c | 195 +++++++++++++++++--
net/netfilter/nft_exthdr.c | 139 ++++++++++++--
net/netfilter/nft_set_bitmap.c | 314 +++++++++++++++++++++++++++++++
net/netfilter/nft_set_hash.c | 16 +-
net/netfilter/nft_set_rbtree.c | 16 +-
16 files changed, 832 insertions(+), 122 deletions(-)
create mode 100644 net/netfilter/nft_set_bitmap.c
next reply other threads:[~2017-02-12 19:42 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-12 19:42 Pablo Neira Ayuso [this message]
2017-02-12 19:42 ` [PATCH 01/21] netfilter: nft_exthdr: Add support for existence check Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 02/21] netfilter: nf_tables: pass netns to set->ops->remove() Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 03/21] netfilter: nf_tables: use struct nft_set_iter in set element flush Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 04/21] netfilter: nf_tables: rename deactivate_one() to flush() Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 05/21] netfilter: nf_tables: add flush field to struct nft_set_iter Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 06/21] netfilter: nf_tables: rename struct nft_set_estimate class field Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 07/21] netfilter: nf_tables: add space notation to sets Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 08/21] netfilter: nf_tables: add bitmap set type Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 09/21] netfilter: nft_ct: add zone id get support Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 10/21] netfilter: nft_ct: prepare for key-dependent error unwind Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 11/21] netfilter: nft_ct: add zone id set support Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 12/21] netfilter: nft_exthdr: add TCP option matching Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 13/21] netfilter: nf_ct_sip: Use mod_timer_pending() Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 14/21] netfilter: nf_ct_expect: nf_ct_expect_insert() returns void Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 15/21] netfilter: nfnetlink: get rid of u_intX_t types Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 16/21] netfilter: nfnetlink: add nfnetlink_rcv_skb_batch() Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 17/21] netfilter: nfnetlink: allow to check for generation ID Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 18/21] netfilter: nf_tables: add check_genid to the nfnetlink subsystem Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 19/21] netfilter: nf_tables: add NFTA_RULE_ID attribute Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 20/21] netfilter: update MAINTAINERS Pablo Neira Ayuso
2017-02-12 19:42 ` [PATCH 21/21] netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection Pablo Neira Ayuso
2017-02-13 3:12 ` [PATCH 00/21] Netfilter updates for net-next David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-01-18 20:13 Pablo Neira Ayuso
2020-01-19 9:33 ` David Miller
2018-08-05 21:21 Pablo Neira Ayuso
2018-08-06 0:06 ` David Miller
2015-05-18 16:25 Pablo Neira Ayuso
2015-05-18 18:48 ` David Miller
2015-04-13 19:29 Pablo Neira Ayuso
2015-04-14 2:18 ` David Miller
2013-01-25 13:54 [PATCH 00/21] netfilter " pablo
2013-01-27 5:56 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1486928573-24773-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).