netfilter-devel.vger.kernel.org archive mirror
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/51] Netfilter/IPVS updates for net-next
Date: Mon,  7 May 2018 00:46:18 +0200
Message-ID: <20180506224709.29100-1-pablo@netfilter.org>

Hi David,

The following patchset contains Netfilter/IPVS updates for your net-next
tree. The more relevant updates in this batch are:

1) Add Maglev support to IPVS. Moreover, store latest server weight in
   IPVS since this is needed by Maglev, patches from Inju Song.

2) Preparation works to add iptables flowtable support, patches
   from Felix Fietkau.

3) Hand over flows back to conntrack slow path in case a TCP RST/FIN
   packet is seen via new teardown state, also from Felix.

4) Add support for extended netlink error reporting for nf_tables.

5) Support for timeouts larger than 23 days in nf_tables, patch from
   Florian Westphal.

6) Always set an upper limit to dynamic sets, also from Florian.

7) Allow number generator to make map lookups, from Laura Garcia.

8) Use hash_32() instead of open-coded hashing in IPVS, from Vincent Bernat.

9) Extend ip6tables SRH match to support previous, next and last SID,
   from Ahmed Abdelsalam.

10) Move Passive OS fingerprint to nf_osf.c, from Fernando Fernandez.

11) Expose nf_conntrack_max through ctnetlink, from Florent Fourcot.

12) Several housekeeping patches for xt_NFLOG, x_tables and ebtables,
   from Taehee Yoo.

13) Unify meta bridge with core nft_meta, then make nft_meta built-in.
   Make rt and exthdr built-in too, again from Florian.

14) Missing initialization of tbl->entries in IPVS, from Cong Wang.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit 415787d7799f4fccbe8d49cb0b8e5811be6b0389:

  ipv6: frags: fix a lockdep false positive (2018-04-18 23:19:39 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to b13468dc577498002cf4e62978359ff97ffcd187:

  netfilter: nft_dynset: fix timeout updates on 32bit (2018-05-07 00:05:22 +0200)

----------------------------------------------------------------
Ahmed Abdelsalam (1):
      netfilter: ip6t_srh: extend SRH matching for previous, next and last SID

Arvind Yadav (1):
      netfilter: ipvs: Fix space before '[' error.

Cong Wang (2):
      ipvs: initialize tbl->entries after allocation
      ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()

Felix Fietkau (19):
      netfilter: nf_flow_table: use IP_CT_DIR_* values for FLOW_OFFLOAD_DIR_*
      netfilter: nf_flow_table: clean up flow_offload_alloc
      ipv6: make ip6_dst_mtu_forward inline
      netfilter: nf_flow_table: cache mtu in struct flow_offload_tuple
      netfilter: nf_flow_table: rename nf_flow_table.c to nf_flow_table_core.c
      netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table
      netfilter: nf_flow_table: move ip header check out of nf_flow_exceeds_mtu
      netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table
      netfilter: nf_flow_table: relax mixed ipv4/ipv6 flowtable dependencies
      netfilter: nf_flow_table: move init code to nf_flow_table_core.c
      netfilter: nf_flow_table: fix priv pointer for netdev hook
      netfilter: nf_flow_table: track flow tables in nf_flow_table directly
      netfilter: nf_flow_table: make flow_offload_dead inline
      netfilter: nf_flow_table: add a new flow state for tearing down offloading
      netfilter: nf_flow_table: in flow_offload_lookup, skip entries being deleted
      netfilter: nf_flow_table: add support for sending flows back to the slow path
      netfilter: nf_flow_table: tear down TCP flows if RST or FIN was seen
      netfilter: nf_flow_table: add missing condition for TCP state check
      netfilter: nf_flow_table: fix offloading connections with SNAT+DNAT

Fernando Fernandez Mancera (1):
      netfilter: extract Passive OS fingerprint infrastructure from xt_osf

Florent Fourcot (1):
      netfilter: ctnetlink: export nf_conntrack_max

Florian Westphal (8):
      netfilter: nf_tables: support timeouts larger than 23 days
      netfilter: nf_tables: always use an upper set size for dynsets
      netfilter: merge meta_bridge into nft_meta
      netfilter: nf_tables: make meta expression builtin
      netfilter: nf_tables: merge rt expression into nft core
      netfilter: nf_tables: merge exthdr expression into nft core
      netfilter: nf_nat: remove unused ct arg from lookup functions
      netfilter: nft_dynset: fix timeout updates on 32bit

Inju Song (3):
      netfilter: ipvs: Keep latest weight of destination
      netfilter: ipvs: Add Maglev hashing scheduler
      netfilter: ipvs: Add configurations of Maglev hashing

Laura Garcia Liebana (2):
      netfilter: nft_numgen: add map lookups for numgen statements
      netfilter: nft_numgen: enable hashing of one element

Pablo Neira Ayuso (3):
      netfilter: nf_tables: simplify lookup functions
      netfilter: nf_tables: initial support for extended ACK reporting
      Merge tag 'ipvs-for-v4.18' of http://git.kernel.org/.../horms/ipvs-next

Phil Sutter (2):
      netfilter: nf_tables: Simplify set backend selection
      netfilter: nf_tables: Provide NFT_{RT,CT}_MAX for userspace

Taehee Yoo (7):
      netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet.
      netfilter: add __exit mark to helper modules
      netfilter: ebtables: add ebt_free_table_info function
      netfilter: ebtables: remove EBT_MATCH and EBT_NOMATCH
      netfilter: x_tables: remove duplicate ip6t_get_target function call
      netfilter: ebtables: add ebt_get_target and ebt_get_target_c
      netfilter: xtables: use ipt_get_target_c instead of ipt_get_target

Thierry Du Tre (1):
      netfilter: add NAT support for shifted portmap ranges

Vincent Bernat (1):
      ipvs: fix multiplicative hashing in sh/dh/lblc/lblcr algorithms

 include/linux/netfilter/nf_osf.h                   |  27 +
 include/linux/netfilter_bridge/ebtables.h          |   4 -
 include/net/ip6_route.h                            |  21 +
 include/net/ip_vs.h                                |   1 +
 include/net/ipv6.h                                 |   2 -
 include/net/netfilter/ipv4/nf_nat_masquerade.h     |   2 +-
 include/net/netfilter/ipv6/nf_nat_masquerade.h     |   2 +-
 include/net/netfilter/nf_flow_table.h              |  24 +-
 include/net/netfilter/nf_nat.h                     |   2 +-
 include/net/netfilter/nf_nat_l3proto.h             |  28 +-
 include/net/netfilter/nf_nat_l4proto.h             |   8 +-
 include/net/netfilter/nf_nat_redirect.h            |   2 +-
 include/net/netfilter/nf_tables.h                  |  53 +-
 include/net/netfilter/nf_tables_core.h             |   3 +
 include/net/netfilter/nfnetlink_log.h              |  17 -
 include/net/netfilter/nft_meta.h                   |  44 --
 include/uapi/linux/netfilter/nf_nat.h              |  12 +-
 include/uapi/linux/netfilter/nf_osf.h              |  90 +++
 include/uapi/linux/netfilter/nf_tables.h           |   8 +
 include/uapi/linux/netfilter/nfnetlink_conntrack.h |   1 +
 include/uapi/linux/netfilter/xt_osf.h              | 106 +---
 include/uapi/linux/netfilter_bridge/ebtables.h     |   6 +
 include/uapi/linux/netfilter_ipv6/ip6t_srh.h       |  43 +-
 net/bridge/netfilter/Kconfig                       |   7 -
 net/bridge/netfilter/Makefile                      |   1 -
 net/bridge/netfilter/ebtables.c                    |  63 +--
 net/bridge/netfilter/nft_meta_bridge.c             | 135 -----
 net/ipv4/netfilter/ip_tables.c                     |   2 +-
 net/ipv4/netfilter/ipt_MASQUERADE.c                |   2 +-
 net/ipv4/netfilter/iptable_nat.c                   |   3 +-
 net/ipv4/netfilter/nf_flow_table_ipv4.c            | 255 +--------
 net/ipv4/netfilter/nf_nat_h323.c                   |   4 +-
 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c           |  18 +-
 net/ipv4/netfilter/nf_nat_masquerade_ipv4.c        |   4 +-
 net/ipv4/netfilter/nf_nat_pptp.c                   |   2 +-
 net/ipv4/netfilter/nf_nat_proto_gre.c              |   2 +-
 net/ipv4/netfilter/nf_nat_proto_icmp.c             |   2 +-
 net/ipv4/netfilter/nft_chain_nat_ipv4.c            |   3 +-
 net/ipv4/netfilter/nft_masq_ipv4.c                 |   2 +-
 net/ipv6/ip6_output.c                              |  22 -
 net/ipv6/netfilter/ip6_tables.c                    |   1 -
 net/ipv6/netfilter/ip6t_MASQUERADE.c               |   2 +-
 net/ipv6/netfilter/ip6t_srh.c                      | 173 +++++-
 net/ipv6/netfilter/ip6table_nat.c                  |   3 +-
 net/ipv6/netfilter/nf_flow_table_ipv6.c            | 246 +-------
 net/ipv6/netfilter/nf_nat_l3proto_ipv6.c           |  18 +-
 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c        |   4 +-
 net/ipv6/netfilter/nf_nat_proto_icmpv6.c           |   2 +-
 net/ipv6/netfilter/nft_chain_nat_ipv6.c            |   3 +-
 net/ipv6/netfilter/nft_masq_ipv6.c                 |   2 +-
 net/ipv6/netfilter/nft_redir_ipv6.c                |   2 +-
 net/netfilter/Kconfig                              |  25 +-
 net/netfilter/Makefile                             |   8 +-
 net/netfilter/ipvs/Kconfig                         |  37 ++
 net/netfilter/ipvs/Makefile                        |   1 +
 net/netfilter/ipvs/ip_vs_ctl.c                     |   4 +
 net/netfilter/ipvs/ip_vs_dh.c                      |   3 +-
 net/netfilter/ipvs/ip_vs_lblc.c                    |   4 +-
 net/netfilter/ipvs/ip_vs_lblcr.c                   |   4 +-
 net/netfilter/ipvs/ip_vs_mh.c                      | 540 ++++++++++++++++++
 net/netfilter/ipvs/ip_vs_proto_tcp.c               |   4 +-
 net/netfilter/ipvs/ip_vs_sh.c                      |   3 +-
 net/netfilter/nf_conntrack_core.c                  |   1 +
 net/netfilter/nf_conntrack_ftp.c                   |   3 +-
 net/netfilter/nf_conntrack_irc.c                   |   6 +-
 net/netfilter/nf_conntrack_netlink.c               |   3 +
 net/netfilter/nf_conntrack_sane.c                  |   3 +-
 net/netfilter/nf_conntrack_sip.c                   |   2 +-
 net/netfilter/nf_conntrack_tftp.c                  |   2 +-
 .../{nf_flow_table.c => nf_flow_table_core.c}      | 309 ++++++----
 net/netfilter/nf_flow_table_inet.c                 |   3 +-
 net/netfilter/nf_flow_table_ip.c                   | 487 ++++++++++++++++
 net/netfilter/nf_nat_core.c                        |  27 +-
 net/netfilter/nf_nat_helper.c                      |   2 +-
 net/netfilter/nf_nat_proto_common.c                |   9 +-
 net/netfilter/nf_nat_proto_dccp.c                  |   2 +-
 net/netfilter/nf_nat_proto_sctp.c                  |   2 +-
 net/netfilter/nf_nat_proto_tcp.c                   |   2 +-
 net/netfilter/nf_nat_proto_udp.c                   |   4 +-
 net/netfilter/nf_nat_proto_unknown.c               |   2 +-
 net/netfilter/nf_nat_redirect.c                    |   6 +-
 net/netfilter/nf_nat_sip.c                         |   2 +-
 net/netfilter/nf_osf.c                             | 218 +++++++
 net/netfilter/nf_tables_api.c                      | 624 +++++++++++----------
 net/netfilter/nf_tables_core.c                     |   3 +
 net/netfilter/nfnetlink_log.c                      |   8 +-
 net/netfilter/nft_dynset.c                         |   7 +-
 net/netfilter/nft_exthdr.c                         |  23 +-
 net/netfilter/nft_flow_offload.c                   |   5 +-
 net/netfilter/nft_hash.c                           |   2 +-
 net/netfilter/nft_meta.c                           | 112 ++--
 net/netfilter/nft_nat.c                            |   2 +-
 net/netfilter/nft_numgen.c                         |  85 ++-
 net/netfilter/nft_objref.c                         |   4 +-
 net/netfilter/nft_rt.c                             |  22 +-
 net/netfilter/nft_set_bitmap.c                     |  34 +-
 net/netfilter/nft_set_hash.c                       | 153 ++---
 net/netfilter/nft_set_rbtree.c                     |  36 +-
 net/netfilter/xt_NETMAP.c                          |   8 +-
 net/netfilter/xt_NFLOG.c                           |  15 +-
 net/netfilter/xt_REDIRECT.c                        |   2 +-
 net/netfilter/xt_nat.c                             |  72 ++-
 net/netfilter/xt_osf.c                             | 202 +------
 net/openvswitch/conntrack.c                        |   4 +-
 104 files changed, 2753 insertions(+), 1887 deletions(-)
 create mode 100644 include/linux/netfilter/nf_osf.h
 delete mode 100644 include/net/netfilter/nft_meta.h
 create mode 100644 include/uapi/linux/netfilter/nf_osf.h
 delete mode 100644 net/bridge/netfilter/nft_meta_bridge.c
 create mode 100644 net/netfilter/ipvs/ip_vs_mh.c
 rename net/netfilter/{nf_flow_table.c => nf_flow_table_core.c} (67%)
 create mode 100644 net/netfilter/nf_flow_table_ip.c
 create mode 100644 net/netfilter/nf_osf.c
