From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 00/31: netfilter 2.6.32 update
Date: Thu, 10 Sep 2009 18:11:46 +0200 (MEST) [thread overview]
Message-ID: <20090910161142.31179.5256.sendpatchset@x2.localnet> (raw)
Hi Dave,
following is my netfilter update for 2.6.32, containing:
- the scheduled removal of old x_tables match and target revisions from Jan
- the scheduled removal of old redirecting ip_tables header files from Jan
- x_tables cleanups and smaller improvements from Jan
- SCTP support for SO_ORIGINAL_DST from Rafael Laufer
- handling of ICMPv6 messages in IPVS from Julius Volz
- a patch to log packets dropped by conntrack helpers from myself
- patches to constify netlink message attributes in netfilter from myself
- a fix for bridge netfilter in_device refcount leaks from Eric
- a fix for conntrack cleanup in non-init namespaces from Alexey
- a fix for an ebt_ulog inverted return value from myself
- a fix for atomic operations in IPVS from Simon
- a fix for a read outside array bounds in ip6t_eui from myself
- a fix for inverted logic for persistent NAT mappings from Maximilian Engelhardt
Most of the fixes are for regressions, I'll pass all those on to -stable
once the patches hit mainline.
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git master
Thanks!
Documentation/feature-removal-schedule.txt | 25 ----
include/linux/netfilter/nfnetlink.h | 3 +-
include/linux/netfilter/x_tables.h | 4 +-
include/linux/netfilter/xt_CONNMARK.h | 6 -
include/linux/netfilter/xt_MARK.h | 17 ---
include/linux/netfilter/xt_connmark.h | 5 -
include/linux/netfilter/xt_conntrack.h | 36 -----
include/linux/netfilter/xt_mark.h | 5 -
include/linux/netfilter_arp/arp_tables.h | 2 +-
include/linux/netfilter_bridge/ebtables.h | 2 +-
include/linux/netfilter_ipv4/Kbuild | 32 -----
include/linux/netfilter_ipv4/ip_tables.h | 2 +-
include/linux/netfilter_ipv4/ipt_CLASSIFY.h | 7 -
include/linux/netfilter_ipv4/ipt_CONNMARK.h | 19 ---
include/linux/netfilter_ipv4/ipt_DSCP.h | 18 ---
include/linux/netfilter_ipv4/ipt_ECN.h | 4 +-
include/linux/netfilter_ipv4/ipt_MARK.h | 18 ---
include/linux/netfilter_ipv4/ipt_NFQUEUE.h | 16 ---
include/linux/netfilter_ipv4/ipt_TCPMSS.h | 9 --
include/linux/netfilter_ipv4/ipt_TOS.h | 12 --
include/linux/netfilter_ipv4/ipt_comment.h | 10 --
include/linux/netfilter_ipv4/ipt_connbytes.h | 18 ---
include/linux/netfilter_ipv4/ipt_connmark.h | 7 -
include/linux/netfilter_ipv4/ipt_conntrack.h | 28 ----
include/linux/netfilter_ipv4/ipt_dccp.h | 15 --
include/linux/netfilter_ipv4/ipt_dscp.h | 21 ---
include/linux/netfilter_ipv4/ipt_ecn.h | 4 +-
include/linux/netfilter_ipv4/ipt_esp.h | 10 --
include/linux/netfilter_ipv4/ipt_hashlimit.h | 14 --
include/linux/netfilter_ipv4/ipt_helper.h | 7 -
include/linux/netfilter_ipv4/ipt_iprange.h | 21 ---
include/linux/netfilter_ipv4/ipt_length.h | 7 -
include/linux/netfilter_ipv4/ipt_limit.h | 8 -
include/linux/netfilter_ipv4/ipt_mac.h | 7 -
include/linux/netfilter_ipv4/ipt_mark.h | 9 --
include/linux/netfilter_ipv4/ipt_multiport.h | 15 --
include/linux/netfilter_ipv4/ipt_owner.h | 20 ---
include/linux/netfilter_ipv4/ipt_physdev.h | 17 ---
include/linux/netfilter_ipv4/ipt_pkttype.h | 7 -
include/linux/netfilter_ipv4/ipt_policy.h | 23 ----
include/linux/netfilter_ipv4/ipt_recent.h | 21 ---
include/linux/netfilter_ipv4/ipt_sctp.h | 105 ---------------
include/linux/netfilter_ipv4/ipt_state.h | 15 --
include/linux/netfilter_ipv4/ipt_string.h | 10 --
include/linux/netfilter_ipv4/ipt_tcpmss.h | 7 -
include/linux/netfilter_ipv4/ipt_tos.h | 13 --
include/linux/netfilter_ipv6/Kbuild | 12 +--
include/linux/netfilter_ipv6/ip6_tables.h | 2 +-
include/linux/netfilter_ipv6/ip6t_MARK.h | 9 --
include/linux/netfilter_ipv6/ip6t_esp.h | 10 --
include/linux/netfilter_ipv6/ip6t_length.h | 8 -
include/linux/netfilter_ipv6/ip6t_limit.h | 8 -
include/linux/netfilter_ipv6/ip6t_mac.h | 7 -
include/linux/netfilter_ipv6/ip6t_mark.h | 9 --
include/linux/netfilter_ipv6/ip6t_multiport.h | 14 --
include/linux/netfilter_ipv6/ip6t_owner.h | 18 ---
include/linux/netfilter_ipv6/ip6t_physdev.h | 17 ---
include/linux/netfilter_ipv6/ip6t_policy.h | 23 ----
include/linux/netlink.h | 15 +-
include/net/netfilter/nf_nat_core.h | 2 +-
include/net/netlink.h | 4 +-
include/net/rtnetlink.h | 2 +-
net/bridge/br_netfilter.c | 2 +-
net/bridge/netfilter/ebt_log.c | 29 +---
net/bridge/netfilter/ebt_ulog.c | 2 +-
net/bridge/netfilter/ebtable_broute.c | 2 +-
net/bridge/netfilter/ebtable_filter.c | 8 +-
net/bridge/netfilter/ebtable_nat.c | 6 +-
net/bridge/netfilter/ebtables.c | 13 +-
net/ipv4/netfilter/arp_tables.c | 47 +++++--
net/ipv4/netfilter/arptable_filter.c | 4 +-
net/ipv4/netfilter/ip_tables.c | 51 +++++---
net/ipv4/netfilter/iptable_filter.c | 10 +-
net/ipv4/netfilter/iptable_mangle.c | 16 +-
net/ipv4/netfilter/iptable_raw.c | 10 +-
net/ipv4/netfilter/iptable_security.c | 12 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 22 ++--
net/ipv4/netfilter/nf_nat_core.c | 8 +-
net/ipv4/netfilter/nf_nat_rule.c | 6 +-
net/ipv4/netfilter/nf_nat_standalone.c | 8 +-
net/ipv6/netfilter/ip6_tables.c | 48 +++++--
net/ipv6/netfilter/ip6t_eui64.c | 9 +-
net/ipv6/netfilter/ip6table_filter.c | 10 +-
net/ipv6/netfilter/ip6table_mangle.c | 16 +-
net/ipv6/netfilter/ip6table_raw.c | 10 +-
net/ipv6/netfilter/ip6table_security.c | 12 +-
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 18 ++-
net/netfilter/ipvs/ip_vs_core.c | 29 +++--
net/netfilter/ipvs/ip_vs_wrr.c | 7 +-
net/netfilter/nf_conntrack_core.c | 8 +-
net/netfilter/nf_conntrack_netlink.c | 54 +++++---
net/netfilter/nfnetlink.c | 2 +-
net/netfilter/nfnetlink_log.c | 6 +-
net/netfilter/nfnetlink_queue.c | 9 +-
net/netfilter/x_tables.c | 7 +-
net/netfilter/xt_CONNMARK.c | 134 ++------------------
net/netfilter/xt_DSCP.c | 46 -------
net/netfilter/xt_MARK.c | 163 ++----------------------
net/netfilter/xt_connmark.c | 101 ++-------------
net/netfilter/xt_conntrack.c | 155 +----------------------
net/netfilter/xt_dscp.c | 17 ---
net/netfilter/xt_iprange.c | 45 +------
net/netfilter/xt_mark.c | 86 ++-----------
net/netfilter/xt_osf.c | 6 +-
net/netfilter/xt_owner.c | 130 ++-----------------
net/netlink/af_netlink.c | 2 +-
net/sched/act_api.c | 2 +-
107 files changed, 373 insertions(+), 1856 deletions(-)
delete mode 100644 include/linux/netfilter_ipv4/ipt_CLASSIFY.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_CONNMARK.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_DSCP.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_MARK.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_NFQUEUE.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_TCPMSS.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_TOS.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_comment.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_connbytes.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_connmark.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_conntrack.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_dccp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_dscp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_esp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_hashlimit.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_helper.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_iprange.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_length.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_limit.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_mac.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_mark.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_multiport.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_owner.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_physdev.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_pkttype.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_policy.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_recent.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_sctp.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_state.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_string.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_tcpmss.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_tos.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_MARK.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_esp.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_length.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_limit.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_mac.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_mark.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_multiport.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_owner.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_physdev.h
delete mode 100644 include/linux/netfilter_ipv6/ip6t_policy.h
Alexey Dobriyan (1):
netfilter: nf_conntrack: netns fix re reliable conntrack event delivery
Eric Dumazet (1):
netfilter: bridge: refcount fix
Jan Engelhardt (19):
netfilter: xtables: remove xt_TOS v0
netfilter: xtables: remove xt_CONNMARK v0
netfilter: xtables: remove xt_MARK v0, v1
netfilter: xtables: remove xt_connmark v0
netfilter: xtables: remove xt_conntrack v0
netfilter: xtables: remove xt_iprange v0
netfilter: xtables: remove xt_mark v0
netfilter: xtables: remove xt_owner v0
netfilter: xtables: remove redirecting header files
netfilter: conntrack: switch hook PFs to nfproto
netfilter: xtables: switch hook PFs to nfproto
netfilter: xtables: switch table AFs to nfproto
netfilter: xtables: realign struct xt_target_param
netfilter: iptables: remove unused datalen variable
netfilter: xtables: use memcmp in unconditional check
netfilter: xtables: ignore unassigned hooks in check_entry_size_and_hooks
netfilter: xtables: check for unconditionality of policies
netfilter: xtables: check for standard verdicts in policies
netfilter: xtables: mark initial tables constant
Julius Volz (1):
IPVS: Add handling of incoming ICMPV6 messages
Maximilian Engelhardt (1):
netfilter: nf_nat: fix inverted logic for persistent NAT mappings
Patrick McHardy (6):
Merge branch 'master' of git://dev.medozas.de/linux
netfilter: nf_conntrack: log packets dropped by helpers
netlink: constify nlmsghdr arguments
netfilter: nfnetlink: constify message attributes and headers
netfilter: ip6t_eui: fix read outside array bounds
netfilter: ebt_ulog: fix checkentry return value
Rafael Laufer (1):
netfilter: nf_conntrack: add SCTP support for SO_ORIGINAL_DST
Simon Horman (1):
ipvs: Use atomic operations atomicly
Tobias Klauser (1):
netfilter: ebtables: Use %pM conversion specifier
next reply other threads:[~2009-09-10 16:11 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-10 16:11 Patrick McHardy [this message]
2009-09-10 16:11 ` netfilter 01/31: nf_conntrack: add SCTP support for SO_ORIGINAL_DST Patrick McHardy
2009-09-10 16:11 ` netfilter 02/31: ebtables: Use %pM conversion specifier Patrick McHardy
2009-09-10 16:11 ` netfilter 03/31: xtables: remove xt_TOS v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 04/31: xtables: remove xt_CONNMARK v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 05/31: xtables: remove xt_MARK v0, v1 Patrick McHardy
2009-09-10 16:11 ` netfilter 06/31: xtables: remove xt_connmark v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 07/31: xtables: remove xt_conntrack v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 08/31: xtables: remove xt_iprange v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 09/31: xtables: remove xt_mark v0 Patrick McHardy
2009-09-10 16:11 ` netfilter 10/31: xtables: remove xt_owner v0 Patrick McHardy
2009-09-10 16:12 ` netfilter 11/31: xtables: remove redirecting header files Patrick McHardy
2009-09-10 16:12 ` netfilter 12/31: conntrack: switch hook PFs to nfproto Patrick McHardy
2009-09-10 16:12 ` netfilter 13/31: xtables: " Patrick McHardy
2009-09-10 16:12 ` netfilter 14/31: xtables: switch table AFs " Patrick McHardy
2009-09-10 16:12 ` netfilter 15/31: xtables: realign struct xt_target_param Patrick McHardy
2009-09-10 16:12 ` netfilter 16/31: iptables: remove unused datalen variable Patrick McHardy
2009-09-10 16:12 ` netfilter 17/31: xtables: use memcmp in unconditional check Patrick McHardy
2009-09-10 16:12 ` netfilter 18/31: xtables: ignore unassigned hooks in check_entry_size_and_hooks Patrick McHardy
2009-09-10 16:12 ` netfilter 19/31: xtables: check for unconditionality of policies Patrick McHardy
2009-09-10 16:12 ` netfilter 20/31: xtables: check for standard verdicts in policies Patrick McHardy
2009-09-10 16:12 ` netfilter 21/31: xtables: mark initial tables constant Patrick McHardy
2009-09-10 16:12 ` netfilter 22/31: nf_nat: fix inverted logic for persistent NAT mappings Patrick McHardy
2009-09-10 16:12 ` netfilter 23/31: bridge: refcount fix Patrick McHardy
2009-09-10 16:12 ` netfilter 24/31: nf_conntrack: log packets dropped by helpers Patrick McHardy
2009-09-10 16:12 ` netlink 25/31: constify nlmsghdr arguments Patrick McHardy
2009-09-10 16:12 ` netfilter 26/31: nfnetlink: constify message attributes and headers Patrick McHardy
2009-09-10 16:12 ` ipvs 27/31: Use atomic operations atomicly Patrick McHardy
2009-09-10 16:12 ` netfilter 28/31: nf_conntrack: netns fix re reliable conntrack event delivery Patrick McHardy
2009-09-10 16:12 ` netfilter 29/31: ip6t_eui: fix read outside array bounds Patrick McHardy
2009-09-10 16:12 ` IPVS 30/31: Add handling of incoming ICMPV6 messages Patrick McHardy
2009-09-10 16:12 ` netfilter 31/31: ebt_ulog: fix checkentry return value Patrick McHardy
2009-09-11 1:25 ` netfilter 00/31: netfilter 2.6.32 update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090910161142.31179.5256.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).