From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com, fw@strlen.de
Subject: [PATCH net-next 0/9] Netfilter updates for net-net
Date: Mon, 14 Oct 2024 13:14:11 +0200 [thread overview]
Message-ID: <20241014111420.29127-1-pablo@netfilter.org> (raw)
Hi,
The following series contains Netfilter updates for net-next:
1) Fix sparse warning in nf_tables related to use of percpu counters,
from Uros Bizjak.
2) use strscpy_pad in nft_meta_bridge, from Justin Stitt.
3) A series from patch #3 to patch #7 to reduce memory footprint of set
element transactions, Florian Westphal says:
When doing a flush on a set or mass adding/removing elements from a
set, each element needs to allocate 96 bytes to hold the transactional
state.
In such cases, virtually all the information in struct nft_trans_elem
is the same.
Change nft_trans_elem to a flex-array, i.e. a single nft_trans_elem
can hold multiple set element pointers.
The number of elements that can be stored in one nft_trans_elem is limited
by the slab allocator, this series limits the compaction to at most 62
elements as it caps the reallocation to 2048 bytes of memory.
4) Document legacy toggles for xtables packet classifiers, from
Bruno Leitao.
5) Use kfree_rcu() instead of call_rcu() + kmem_cache_free(), from Julia Lawall.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-24-10-14
Thanks.
----------------------------------------------------------------
The following changes since commit f66ebf37d69cc700ca884c6a18c2258caf8b151b:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2024-10-03 10:05:55 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-24-10-14
for you to fetch changes up to 9539446cc659e390942b46df871f8abdd4750999:
netfilter: replace call_rcu by kfree_rcu for simple kmem_cache_free callback (2024-10-14 12:30:20 +0200)
----------------------------------------------------------------
netfilter pull request 24-10-14
----------------------------------------------------------------
Breno Leitao (1):
netfilter: Make legacy configs user selectable
Florian Westphal (5):
netfilter: nf_tables: prefer nft_trans_elem_alloc helper
netfilter: nf_tables: add nft_trans_commit_list_add_elem helper
netfilter: nf_tables: prepare for multiple elements in nft_trans_elem structure
netfilter: nf_tables: switch trans_elem to real flex array
netfilter: nf_tables: allocate element update information dynamically
Julia Lawall (1):
netfilter: replace call_rcu by kfree_rcu for simple kmem_cache_free callback
Justin Stitt (1):
netfilter: nf_tables: replace deprecated strncpy with strscpy_pad
Uros Bizjak (1):
netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c
include/net/netfilter/nf_tables.h | 25 +--
net/bridge/netfilter/Kconfig | 8 +-
net/bridge/netfilter/nft_meta_bridge.c | 2 +-
net/ipv4/netfilter/Kconfig | 16 +-
net/ipv6/netfilter/Kconfig | 9 +-
net/netfilter/nf_conncount.c | 10 +-
net/netfilter/nf_conntrack_expect.c | 10 +-
net/netfilter/nf_tables_api.c | 370 +++++++++++++++++++++++++--------
net/netfilter/xt_hashlimit.c | 9 +-
9 files changed, 330 insertions(+), 129 deletions(-)
next reply other threads:[~2024-10-14 11:14 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-14 11:14 Pablo Neira Ayuso [this message]
2024-10-14 11:14 ` [PATCH net-next 1/9] netfilter: nf_tables: Fix percpu address space issues in nf_tables_api.c Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 2/9] netfilter: nf_tables: replace deprecated strncpy with strscpy_pad Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 3/9] netfilter: nf_tables: prefer nft_trans_elem_alloc helper Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 4/9] netfilter: nf_tables: add nft_trans_commit_list_add_elem helper Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 5/9] netfilter: nf_tables: prepare for multiple elements in nft_trans_elem structure Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 6/9] netfilter: nf_tables: switch trans_elem to real flex array Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 7/9] netfilter: nf_tables: allocate element update information dynamically Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 8/9] netfilter: Make legacy configs user selectable Pablo Neira Ayuso
2024-10-14 11:14 ` [PATCH net-next 9/9] netfilter: replace call_rcu by kfree_rcu for simple kmem_cache_free callback Pablo Neira Ayuso
2024-10-14 20:10 ` [PATCH net-next 0/9] Netfilter updates for net-net Jakub Kicinski
2024-10-14 21:09 ` Florian Westphal
2024-10-14 22:00 ` Pablo Neira Ayuso
2024-10-14 22:20 ` Florian Westphal
2024-10-14 22:25 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241014111420.29127-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).