From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 0/8] Netfilter updates for net-next
Date: Wed, 4 Nov 2020 15:11:41 +0100 [thread overview]
Message-ID: <20201104141149.30082-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter updates for net-next:
1) Move existing bridge packet reject infra to nf_reject_{ipv4,ipv6}.c
from Jose M. Guisado.
2) Consolidate nft_reject_inet initialization and dump, also from Jose.
3) Add the netdev reject action, from Jose.
4) Allow to combine the exist flag and the destroy command in ipset,
from Joszef Kadlecsik.
5) Expose bucket size parameter for hashtables, also from Jozsef.
6) Expose the init value for reproducible ipset listings, from Jozsef.
7) Use __printf attribute in nft_request_module, from Andrew Lunn.
8) Allow to use reject from the inet ingress chain.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks.
----------------------------------------------------------------
The following changes since commit 37d38ece9b898ea183db9e5a6582651e6ed64c9a:
net/mac8390: discard unnecessary breaks (2020-10-29 19:03:46 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 117ca1f8920cf4087bf82f44bd2a51b49d6aae63:
netfilter: nft_reject_inet: allow to use reject from inet ingress (2020-11-01 12:52:17 +0100)
----------------------------------------------------------------
Andrew Lunn (1):
netfilter: nftables: Add __printf() attribute
Jose M. Guisado Gomez (3):
netfilter: nf_reject: add reject skbuff creation helpers
netfilter: nft_reject: unify reject init and dump into nft_reject
netfilter: nft_reject: add reject verdict support for netdev
Jozsef Kadlecsik (3):
netfilter: ipset: Support the -exist flag with the destroy command
netfilter: ipset: Add bucketsize parameter to all hash types
netfilter: ipset: Expose the initval hash parameter to userspace
Pablo Neira Ayuso (1):
netfilter: nft_reject_inet: allow to use reject from inet ingress
include/linux/netfilter/ipset/ip_set.h | 5 +
include/net/netfilter/ipv4/nf_reject.h | 10 ++
include/net/netfilter/ipv6/nf_reject.h | 9 +
include/uapi/linux/netfilter/ipset/ip_set.h | 6 +-
net/bridge/netfilter/Kconfig | 2 +-
net/bridge/netfilter/nft_reject_bridge.c | 255 +--------------------------
net/ipv4/netfilter/nf_reject_ipv4.c | 128 +++++++++++++-
net/ipv6/netfilter/nf_reject_ipv6.c | 139 ++++++++++++++-
net/netfilter/Kconfig | 10 ++
net/netfilter/Makefile | 1 +
net/netfilter/ipset/ip_set_core.c | 6 +-
net/netfilter/ipset/ip_set_hash_gen.h | 45 +++--
net/netfilter/ipset/ip_set_hash_ip.c | 7 +-
net/netfilter/ipset/ip_set_hash_ipmac.c | 6 +-
net/netfilter/ipset/ip_set_hash_ipmark.c | 7 +-
net/netfilter/ipset/ip_set_hash_ipport.c | 7 +-
net/netfilter/ipset/ip_set_hash_ipportip.c | 7 +-
net/netfilter/ipset/ip_set_hash_ipportnet.c | 7 +-
net/netfilter/ipset/ip_set_hash_mac.c | 6 +-
net/netfilter/ipset/ip_set_hash_net.c | 7 +-
net/netfilter/ipset/ip_set_hash_netiface.c | 7 +-
net/netfilter/ipset/ip_set_hash_netnet.c | 7 +-
net/netfilter/ipset/ip_set_hash_netport.c | 7 +-
net/netfilter/ipset/ip_set_hash_netportnet.c | 7 +-
net/netfilter/nf_tables_api.c | 3 +-
net/netfilter/nft_reject.c | 12 +-
net/netfilter/nft_reject_inet.c | 68 ++-----
net/netfilter/nft_reject_netdev.c | 189 ++++++++++++++++++++
28 files changed, 615 insertions(+), 355 deletions(-)
create mode 100644 net/netfilter/nft_reject_netdev.c
next reply other threads:[~2020-11-04 14:12 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-04 14:11 Pablo Neira Ayuso [this message]
2020-11-04 14:11 ` [PATCH net-next 1/8] netfilter: nf_reject: add reject skbuff creation helpers Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 2/8] netfilter: nft_reject: unify reject init and dump into nft_reject Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 3/8] netfilter: nft_reject: add reject verdict support for netdev Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 4/8] netfilter: ipset: Support the -exist flag with the destroy command Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 5/8] netfilter: ipset: Add bucketsize parameter to all hash types Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 6/8] netfilter: ipset: Expose the initval hash parameter to userspace Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 7/8] netfilter: nftables: Add __printf() attribute Pablo Neira Ayuso
2020-11-04 14:11 ` [PATCH net-next 8/8] netfilter: nft_reject_inet: allow to use reject from inet ingress Pablo Neira Ayuso
2020-11-05 2:18 ` [PATCH net-next 0/8] Netfilter updates for net-next Jakub Kicinski
-- strict thread matches above, loose matches on Subject: below --
2021-08-30 9:38 Pablo Neira Ayuso
2023-12-22 11:57 Pablo Neira Ayuso
2025-09-01 8:08 [PATCH net-next 0/8] netfilter: " Florian Westphal
2025-09-02 10:53 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201104141149.30082-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).