netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/23] Netfilter/IPVS updates for net-next
Date: Tue,  7 Nov 2017 01:51:50 +0100
Message-ID: <20171107005213.22618-1-pablo@netfilter.org>

Hi David,

The following patchset contains Netfilter/IPVS updates for your net-next
tree, they are:

1) Speed up table replacement on busy systems with large tables
   (and many cores) in x_tables. Now xt_replace_table() synchronizes by
   itself by waiting until all cpus had an even seqcount and we use no
   seqlock when fetching old counters, from Florian Westphal.

2) Add nf_l4proto_log_invalid() and nf_ct_l4proto_log_invalid() to speed
   up packet processing in the fast path when logging is not enabled, from
   Florian Westphal.

3) Precompute masked address from configuration plane in xt_connlimit,
   from Florian.

4) Don't use explicit size for set selection if performance set policy
   is selected.

5) Allow to get elements from an existing set in nf_tables.

6) Fix incorrect check in nft_hash_deactivate(), from Florian.

7) Cache netlink attribute size result in l4proto->nla_size, from
   Florian.

8) Handle NFPROTO_INET in nf_ct_netns_get() from conntrack core.

9) Use power efficient workqueue in conntrack garbage collector, from
   Vincent Guittot.

10) Remove unnecessary parameter in conntrack l4proto functions, also
    from Florian.

11) Constify struct nf_conntrack_l3proto definitions, from Florian.

12) Remove all typedefs in nf_conntrack_h323 via coccinelle semantic
    patch, from Harsha Sharma.

13) Don't store address in the rbtree nodes in xt_connlimit, they are
    never used, from Florian.

14) Fix out of bound access in the conntrack h323 helper, patch from
    Eric Sesterhenn.

15) Print symbols for the address returned with %pS in IPVS, from
    Helge Deller.

16) Proc output should only display its own netns in IPVS, from
    KUWAZAWA Takuya.

17) Small clean up in size_entry_mwt(), from Colin Ian King.

18) Use test_and_clear_bit from nf_nat_proto_clean() instead of separated
    non-atomic test and then clear bit, from Florian Westphal.

19) Consolidate prefix length maps in ipset, from Aaron Conole.

20) Fix sparse warnings in ipset, from Jozsef Kadlecsik.

21) Simplify list_set_memsize(), from simran singhal.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks!

----------------------------------------------------------------

The following changes since commit 26873308b21654b6e0785b9f9e2c5414d37a4c4c:

  Merge branch 'sctp-stream-schedulers' (2017-10-03 16:27:29 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to ba0e4d9917b43dfa746cbbcb4477da59aae73bd6:

  netfilter: nf_tables: get set elements via netlink (2017-11-07 01:00:31 +0100)

----------------------------------------------------------------
Aaron Conole (1):
      netfilter: ipset: deduplicate prefixlen maps

Colin Ian King (1):
      netfilter: ebtables: clean up initialization of buf

Eric Sesterhenn (1):
      netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack

Florian Westphal (11):
      netfilter: nat: use test_and_clear_bit when deleting ct from bysource list
      netfilter: conntrack: add and use nf_l4proto_log_invalid
      netfilter: conntrack: add and use nf_ct_l4proto_log_invalid
      netfilter: conntrack: remove pf argument from l4 packet functions
      netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore
      netfilter: x_tables: don't use seqlock when fetching old counters
      netfilter: conntrack: make l3proto trackers const
      netfilter: xt_connlimit: don't store address in the conn nodes
      netfilter: xt_connlimit: remove mask argument
      netfilter: nft_hash: fix nft_hash_deactivate
      netfilter: conntrack: don't cache nlattr_tuple_size result in nla_size

Harsha Sharma (1):
      netfilter: nf_conntrack_h323: Remove typedef struct

Helge Deller (1):
      netfilter: ipvs: Use %pS printk format for direct addresses

Jozsef Kadlecsik (1):
      netfilter: ipset: Fix sparse warnings

KUWAZAWA Takuya (1):
      netfilter: ipvs: Fix inappropriate output of procfs

Pablo Neira Ayuso (3):
      netfilter: conntrack: move nf_ct_netns_{get,put}() to core
      netfilter: nf_tables: performance set policy skips size description in selection
      netfilter: nf_tables: get set elements via netlink

Vincent Guittot (1):
      netfilter: conntrack: use power efficient workqueue

simran singhal (1):
      netfilter: ipset: Compress return logic

 include/net/netfilter/ipv4/nf_conntrack_ipv4.h |   2 +-
 include/net/netfilter/ipv6/nf_conntrack_ipv6.h |   2 +-
 include/net/netfilter/nf_conntrack_l4proto.h   |  25 +-
 include/net/netfilter/nf_tables.h              |   5 +
 net/bridge/netfilter/ebtables.c                |   3 +-
 net/ipv4/netfilter/arp_tables.c                |  22 +-
 net/ipv4/netfilter/ip_tables.c                 |  23 +-
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |   2 +-
 net/ipv4/netfilter/nf_conntrack_proto_icmp.c   |  28 +-
 net/ipv6/netfilter/ip6_tables.c                |  22 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c |   2 +-
 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |  24 +-
 net/netfilter/ipset/ip_set_hash_ipportnet.c    |   2 +-
 net/netfilter/ipset/ip_set_list_set.c          |   5 +-
 net/netfilter/ipset/pfxlen.c                   | 395 +++++++++----------------
 net/netfilter/ipvs/ip_vs_conn.c                |   2 +-
 net/netfilter/ipvs/ip_vs_ctl.c                 |   8 +-
 net/netfilter/nf_conntrack_core.c              |  15 +-
 net/netfilter/nf_conntrack_h323_asn1.c         |  81 ++---
 net/netfilter/nf_conntrack_netlink.c           |  10 +-
 net/netfilter/nf_conntrack_proto.c             |  86 +++++-
 net/netfilter/nf_conntrack_proto_dccp.c        |  21 +-
 net/netfilter/nf_conntrack_proto_generic.c     |   1 -
 net/netfilter/nf_conntrack_proto_gre.c         |   1 -
 net/netfilter/nf_conntrack_proto_sctp.c        |   4 +-
 net/netfilter/nf_conntrack_proto_tcp.c         |  62 ++--
 net/netfilter/nf_conntrack_proto_udp.c         |  41 ++-
 net/netfilter/nf_nat_core.c                    |   9 +-
 net/netfilter/nf_tables_api.c                  | 195 ++++++++----
 net/netfilter/nft_ct.c                         |  39 +--
 net/netfilter/nft_set_bitmap.c                 |  18 ++
 net/netfilter/nft_set_hash.c                   |  41 ++-
 net/netfilter/nft_set_rbtree.c                 |  73 +++++
 net/netfilter/x_tables.c                       |  21 +-
 net/netfilter/xt_connlimit.c                   |  55 ++--
 35 files changed, 767 insertions(+), 578 deletions(-)

Thread overview: 25+ messages
2017-11-07  0:51 Pablo Neira Ayuso [this message]
2017-11-07  0:51 ` [PATCH 01/23] netfilter: ipset: Compress return logic Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 02/23] netfilter: ipset: Fix sparse warnings Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 03/23] netfilter: ipset: deduplicate prefixlen maps Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 04/23] netfilter: nat: use test_and_clear_bit when deleting ct from bysource list Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 05/23] netfilter: conntrack: add and use nf_l4proto_log_invalid Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 06/23] netfilter: conntrack: add and use nf_ct_l4proto_log_invalid Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 07/23] netfilter: conntrack: remove pf argument from l4 packet functions Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 08/23] netfilter: x_tables: make xt_replace_table wait until old rules are not used anymore Pablo Neira Ayuso
2017-11-07  0:51 ` [PATCH 09/23] netfilter: x_tables: don't use seqlock when fetching old counters Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 10/23] netfilter: conntrack: make l3proto trackers const Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 11/23] netfilter: nf_conntrack_h323: Remove typedef struct Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 12/23] netfilter: xt_connlimit: don't store address in the conn nodes Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 13/23] netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 14/23] netfilter: ipvs: Use %pS printk format for direct addresses Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 15/23] netfilter: ipvs: Fix inappropriate output of procfs Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 16/23] netfilter: ebtables: clean up initialization of buf Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 17/23] netfilter: xt_connlimit: remove mask argument Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 18/23] netfilter: nft_hash: fix nft_hash_deactivate Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 19/23] netfilter: conntrack: don't cache nlattr_tuple_size result in nla_size Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 20/23] netfilter: conntrack: move nf_ct_netns_{get,put}() to core Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 21/23] netfilter: conntrack: use power efficient workqueue Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 22/23] netfilter: nf_tables: performance set policy skips size description in selection Pablo Neira Ayuso
2017-11-07  0:52 ` [PATCH 23/23] netfilter: nf_tables: get set elements via netlink Pablo Neira Ayuso
2017-11-08  5:32 ` [PATCH 00/23] Netfilter/IPVS updates for net-next David Miller
