From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Jakub Kicinski <kuba@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
netfilter-devel <netfilter-devel@vger.kernel.org>
Subject: [PATCH net-next 0/9] Netfilter updates for net-next
Date: Thu, 18 May 2023 12:07:50 +0200 [thread overview]
Message-ID: <20230518100759.84858-1-fw@strlen.de> (raw)
Hello,
[ sorry if you get this twice, wrong mail aliases in v1 ]
this PR contains updates for your *net-next* tree.
nftables updates:
1. Allow key existence checks with maps.
At the moment the kernel requires userspace to pass a destination
register for the associated value, make this optional so userspace
can query if the key exists, just like with normal sets.
2. nftables maintains a counter per set that holds the number of
elements. This counter gets decremented on element removal,
but its only incremented if the set has a upper maximum value.
Increment unconditionally, this will allow us to update the
maximum value later on.
3. At DCCP option maching, from Jeremy Sowden.
4. use struct_size macro, from Christophe JAILLET.
Conntrack:
5. Squash holes in struct nf_conntrack_expect, also Christophe JAILLET.
6. Allow clash resolution for GRE Protocol to avoid a packet drop,
from Faicker Mo.
Flowtable:
Simplify route logic and split large functions into smaller
chunks, from Pablo Neira Ayuso.
The following changes since commit b50a8b0d57ab1ef11492171e98a030f48682eac3:
net: openvswitch: Use struct_size() (2023-05-17 21:25:46 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-2023-05-18
for you to fetch changes up to e05b5362166b18a224c30502e81416e4d622d3e4:
netfilter: flowtable: split IPv6 datapath in helper functions (2023-05-18 08:48:55 +0200)
----------------------------------------------------------------
Christophe JAILLET (2):
netfilter: Reorder fields in 'struct nf_conntrack_expect'
netfilter: nft_set_pipapo: Use struct_size()
Faicker Mo (1):
netfilter: conntrack: allow insertion clash of gre protocol
Florian Westphal (2):
netfilter: nf_tables: relax set/map validation checks
netfilter: nf_tables: always increment set element count
Jeremy Sowden (1):
netfilter: nft_exthdr: add boolean DCCP option matching
Pablo Neira Ayuso (3):
netfilter: flowtable: simplify route logic
netfilter: flowtable: split IPv4 datapath in helper functions
netfilter: flowtable: split IPv6 datapath in helper functions
include/net/netfilter/nf_conntrack_expect.h | 18 +--
include/net/netfilter/nf_flow_table.h | 4 +-
include/uapi/linux/netfilter/nf_tables.h | 2 +
net/netfilter/nf_conntrack_proto_gre.c | 1 +
net/netfilter/nf_flow_table_core.c | 24 +--
net/netfilter/nf_flow_table_ip.c | 231 ++++++++++++++++++----------
net/netfilter/nf_tables_api.c | 11 +-
net/netfilter/nft_exthdr.c | 106 +++++++++++++
net/netfilter/nft_flow_offload.c | 12 +-
net/netfilter/nft_lookup.c | 23 ++-
net/netfilter/nft_set_pipapo.c | 6 +-
11 files changed, 303 insertions(+), 135 deletions(-)
next reply other threads:[~2023-05-18 10:08 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-18 10:07 Florian Westphal [this message]
2023-05-18 10:07 ` [PATCH net-next 1/9] netfilter: nf_tables: relax set/map validation checks Florian Westphal
2023-05-18 22:50 ` patchwork-bot+netdevbpf
2023-05-18 10:07 ` [PATCH net-next 2/9] netfilter: nf_tables: always increment set element count Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 3/9] netfilter: nft_exthdr: add boolean DCCP option matching Florian Westphal
2023-05-18 21:04 ` Jakub Kicinski
2023-05-19 10:53 ` Florian Westphal
2023-05-19 15:21 ` Jakub Kicinski
2023-05-19 15:25 ` Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 4/9] netfilter: Reorder fields in 'struct nf_conntrack_expect' Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 5/9] netfilter: nft_set_pipapo: Use struct_size() Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 6/9] netfilter: conntrack: allow insertion clash of gre protocol Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 7/9] netfilter: flowtable: simplify route logic Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 8/9] netfilter: flowtable: split IPv4 datapath in helper functions Florian Westphal
2023-05-18 10:07 ` [PATCH net-next 9/9] netfilter: flowtable: split IPv6 " Florian Westphal
-- strict thread matches above, loose matches on Subject: below --
2024-08-22 22:19 [PATCH net-next 0/9] Netfilter updates for net-next Pablo Neira Ayuso
2023-05-18 9:46 Florian Westphal
2023-03-08 19:30 Florian Westphal
2023-01-18 12:31 Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230518100759.84858-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).