From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/18] Netfilter updates for net-next
Date: Mon, 18 Nov 2019 22:48:56 +0100
Message-ID: <20191118214914.142794-1-pablo@netfilter.org>

Hi,

The following patchset contains Netfilter updates for net-next:

1) Wildcard support for the net,iface set from Kristian Evensen.

2) Offload support for matching on the input interface.

3) Simplify matching on vlan header fields.

4) Add nft_payload_rebuild_vlan_hdr() function to rebuild the vlan
   header from the vlan sk_buff metadata.

5) Pass extack to nft_flow_cls_offload_setup().

6) Add C-VLAN matching support.

7) Use time64_t in xt_time to fix y2038 overflow, from Arnd Bergmann.

8) Use time_t in nft_meta to fix y2038 overflow, also from Arnd.

9) Add flow_action_entry_next() helper function to flowtable offload
   infrastructure.

10) Add IPv6 support to the flowtable offload infrastructure.

11) Support for input interface matching from postrouting,
    from Phil Sutter.

12) Missing check for ndo callback in flowtable offload, from wenxu.

13) Remove conntrack parameter from flow_offload_fill_dir(), from wenxu.

14) Do not pass flow_rule object for rule removal, cookie is sufficient
    to achieve this.

15) Release flow_rule object in case of error from the offload commit
    path.

16) Undo offload ruleset updates if transaction fails.

17) Check for error when binding flowtable callbacks, from wenxu.

18) Always unbind flowtable callbacks when unregistering hooks.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit 90bc72b13c08eedf73b7c0bd94ef23c467800c4a:

  Merge branch 'ARM-Enable-GENET-support-for-RPi-4' (2019-11-12 20:08:00 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to ff4bf2f42a40e7dff28379f085b64df322c70b45:

  netfilter: nf_tables: add nft_unregister_flowtable_hook() (2019-11-15 23:44:54 +0100)

----------------------------------------------------------------
Arnd Bergmann (2):
      netfilter: xt_time: use time64_t
      netfilter: nft_meta: use 64-bit time arithmetic

Kristian Evensen (1):
      netfilter: ipset: Add wildcard support to net,iface

Pablo Neira Ayuso (12):
      netfilter: nft_meta: offload support for interface index
      netfilter: nft_payload: simplify vlan header handling
      netfilter: nf_tables: add nft_payload_rebuild_vlan_hdr()
      netfilter: nf_tables_offload: pass extack to nft_flow_cls_offload_setup()
      netfilter: nft_payload: add C-VLAN support
      Merge branch 'master' of git://blackhole.kfki.hu/nf-next
      netfilter: nf_flow_table_offload: add flow_action_entry_next() and use it
      netfilter: nf_flow_table_offload: add IPv6 support
      netfilter: nf_tables_offload: remove reference to flow rule from deletion path
      netfilter: nf_tables_offload: release flow_rule on error from commit path
      netfilter: nf_tables_offload: undo updates if transaction fails
      netfilter: nf_tables: add nft_unregister_flowtable_hook()

Phil Sutter (1):
      netfilter: Support iif matches in POSTROUTING

wenxu (3):
      netfilter: nf_flow_table_offload: Fix check ndo_setup_tc when setup_block
      netfilter: nf_flow_table: remove unnecessary parameter in flow_offload_fill_dir
      netfilter: nf_tables: check if bind callback fails and unbind if hook registration fails

include/net/netfilter/nf_flow_table.h | 9 +-
include/net/netfilter/nf_tables_offload.h | 1 +
include/uapi/linux/netfilter/ipset/ip_set.h | 2 +
net/ipv4/ip_output.c | 4 +-
net/ipv4/netfilter/nf_flow_table_ipv4.c | 2 +-
net/ipv4/xfrm4_output.c | 2 +-
net/ipv6/ip6_output.c | 4 +-
net/ipv6/netfilter/nf_flow_table_ipv6.c | 2 +-
net/ipv6/xfrm6_output.c | 2 +-
net/netfilter/ipset/ip_set_hash_netiface.c | 23 +++-
net/netfilter/nf_flow_table_core.c | 8 +-
net/netfilter/nf_flow_table_inet.c | 25 +++-
net/netfilter/nf_flow_table_offload.c | 179 +++++++++++++++++++++-------
net/netfilter/nf_tables_api.c | 49 ++++++--
net/netfilter/nf_tables_offload.c | 95 +++++++++++++--
net/netfilter/nft_meta.c | 14 ++-
net/netfilter/nft_payload.c | 56 +++++----
net/netfilter/xt_time.c | 19 +--
18 files changed, 370 insertions(+), 126 deletions(-)