From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 0/6] Netfilter updates for net-next
Date: Wed, 23 Jun 2021 19:02:55 +0200 [thread overview]
Message-ID: <20210623170301.59973-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter updates for net-next:
1) Skip non-SCTP packets in the new SCTP chunk support for nft_exthdr,
from Phil Sutter.
2) Simplify TCP option sanity check for TCP packets, also from Phil.
3) Add a new expression to store when the rule has been used last time.
4) Pass the hook state object to log function, from Florian Westphal.
5) Document the new sysctl knobs to tune the flowtable timeouts,
from Oz Shlomo.
6) Fix snprintf error check in the new nfnetlink_hook infrastructure,
from Dan Carpenter.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thank you!
----------------------------------------------------------------
The following changes since commit c7654495916e109f76a67fd3ae68f8fa70ab4faa:
net: chelsio: cxgb4: use eth_zero_addr() to assign zero address (2021-06-16 00:53:17 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 24610ed80df65a564d6165d15505a950d05f9f5a:
netfilter: nfnetlink_hook: fix check for snprintf() overflow (2021-06-21 22:05:29 +0200)
----------------------------------------------------------------
Dan Carpenter (1):
netfilter: nfnetlink_hook: fix check for snprintf() overflow
Florian Westphal (1):
netfilter: conntrack: pass hook state to log functions
Oz Shlomo (1):
docs: networking: Update connection tracking offload sysctl parameters
Pablo Neira Ayuso (1):
netfilter: nf_tables: add last expression
Phil Sutter (2):
netfilter: nft_exthdr: Search chunks in SCTP packets only
netfilter: nft_extdhr: Drop pointless check of tprot_set
Documentation/networking/nf_conntrack-sysctl.rst | 24 +++++++
include/net/netfilter/nf_conntrack_l4proto.h | 20 +++---
include/net/netfilter/nf_tables_core.h | 1 +
include/uapi/linux/netfilter/nf_tables.h | 15 ++++
net/netfilter/Makefile | 2 +-
net/netfilter/nf_conntrack_proto.c | 16 +++--
net/netfilter/nf_conntrack_proto_dccp.c | 14 ++--
net/netfilter/nf_conntrack_proto_icmp.c | 7 +-
net/netfilter/nf_conntrack_proto_icmpv6.c | 3 +-
net/netfilter/nf_conntrack_proto_sctp.c | 2 +-
net/netfilter/nf_conntrack_proto_tcp.c | 23 ++++---
net/netfilter/nf_conntrack_proto_udp.c | 6 +-
net/netfilter/nf_tables_core.c | 1 +
net/netfilter/nfnetlink_hook.c | 4 +-
net/netfilter/nft_exthdr.c | 7 +-
net/netfilter/nft_last.c | 87 ++++++++++++++++++++++++
16 files changed, 184 insertions(+), 48 deletions(-)
create mode 100644 net/netfilter/nft_last.c
next reply other threads:[~2021-06-23 17:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-23 17:02 Pablo Neira Ayuso [this message]
2021-06-23 17:02 ` [PATCH net-next 1/6] netfilter: nft_exthdr: Search chunks in SCTP packets only Pablo Neira Ayuso
2021-06-23 19:40 ` patchwork-bot+netdevbpf
2021-06-23 17:02 ` [PATCH net-next 2/6] netfilter: nft_extdhr: Drop pointless check of tprot_set Pablo Neira Ayuso
2021-06-23 17:02 ` [PATCH net-next 3/6] netfilter: nf_tables: add last expression Pablo Neira Ayuso
2021-06-23 17:02 ` [PATCH net-next 4/6] netfilter: conntrack: pass hook state to log functions Pablo Neira Ayuso
2021-06-23 17:03 ` [PATCH net-next 5/6] docs: networking: Update connection tracking offload sysctl parameters Pablo Neira Ayuso
2021-06-23 17:03 ` [PATCH net-next 6/6] netfilter: nfnetlink_hook: fix check for snprintf() overflow Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2025-08-20 14:47 [PATCH net-next 0/6] netfilter: updates for net-next Florian Westphal
2022-11-14 10:41 [PATCH net-next 0/6] Netfilter " Pablo Neira Ayuso
2021-06-23 17:02 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210623170301.59973-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).