Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next
Pablo Neira Ayuso says:
====================
Netfilter updates for net-next
The following patchset contains Netfilter updates for net-next.
This patchset contains updates for the nf_tables register tracking
infrastructure, disable bogus warning when attaching ct helpers,
one namespace pollution fix and few cleanups for the flowtable.
1) Revisit conntrack gc routine to reduce chances of overruning
the netlink buffer from the event path. From Florian Westphal.
2) Disable warning on explicit ct helper assignment, from Phil Sutter.
3) Read-only expressions do not update registers, mark them as
NFT_REDUCE_READONLY. Add helper functions to update the register
tracking information. This patch re-enables the register tracking
infrastructure.
4) Cancel register tracking in case an expression fully/partially
clobbers existing data.
5) Add register tracking support for remaining expressions: ct,
lookup, meta, numgen, osf, hash, immediate, socket, xfrm, tunnel,
fib, exthdr.
6) Rename init and exit functions for the conntrack h323 helper,
from Randy Dunlap.
7) Remove redundant field in struct flow_offload_work.
8) Update nf_flow_table_iterate() to pass flowtable to callback.
====================
Signed-off-by: 
David S. Miller <davem@davemloft.net>
Showing
- include/net/netfilter/nf_conntrack_helper.h 1 addition, 0 deletionsinclude/net/netfilter/nf_conntrack_helper.h
- include/net/netfilter/nf_tables.h 22 additions, 0 deletionsinclude/net/netfilter/nf_tables.h
- include/net/netfilter/nft_fib.h 3 additions, 0 deletionsinclude/net/netfilter/nft_fib.h
- include/net/netfilter/nft_meta.h 3 additions, 0 deletionsinclude/net/netfilter/nft_meta.h
- net/bridge/netfilter/nft_meta_bridge.c 3 additions, 2 deletionsnet/bridge/netfilter/nft_meta_bridge.c
- net/bridge/netfilter/nft_reject_bridge.c 1 addition, 0 deletionsnet/bridge/netfilter/nft_reject_bridge.c
- net/ipv4/netfilter/nf_nat_h323.c 4 additions, 4 deletionsnet/ipv4/netfilter/nf_nat_h323.c
- net/ipv4/netfilter/nft_dup_ipv4.c 1 addition, 0 deletionsnet/ipv4/netfilter/nft_dup_ipv4.c
- net/ipv4/netfilter/nft_fib_ipv4.c 2 additions, 0 deletionsnet/ipv4/netfilter/nft_fib_ipv4.c
- net/ipv4/netfilter/nft_reject_ipv4.c 1 addition, 0 deletionsnet/ipv4/netfilter/nft_reject_ipv4.c
- net/ipv6/netfilter/nft_dup_ipv6.c 1 addition, 0 deletionsnet/ipv6/netfilter/nft_dup_ipv6.c
- net/ipv6/netfilter/nft_fib_ipv6.c 2 additions, 0 deletionsnet/ipv6/netfilter/nft_fib_ipv6.c
- net/ipv6/netfilter/nft_reject_ipv6.c 1 addition, 0 deletionsnet/ipv6/netfilter/nft_reject_ipv6.c
- net/netfilter/nf_conntrack_core.c 68 additions, 17 deletionsnet/netfilter/nf_conntrack_core.c
- net/netfilter/nf_conntrack_helper.c 6 additions, 0 deletionsnet/netfilter/nf_conntrack_helper.c
- net/netfilter/nf_flow_table_core.c 10 additions, 10 deletionsnet/netfilter/nf_flow_table_core.c
- net/netfilter/nf_flow_table_offload.c 6 additions, 5 deletionsnet/netfilter/nf_flow_table_offload.c
- net/netfilter/nf_tables_api.c 62 additions, 1 deletionnet/netfilter/nf_tables_api.c
- net/netfilter/nft_bitwise.c 16 additions, 8 deletionsnet/netfilter/nft_bitwise.c
- net/netfilter/nft_byteorder.c 1 addition, 2 deletionsnet/netfilter/nft_byteorder.c
Please register or sign in to comment