1. 02 Nov, 2016 1 commit
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 4cb551a1
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for your net-next
      tree. This includes better integration with the routing subsystem for
      nf_tables, explicit notrack support and smaller updates. More
      specifically, they are:
      
      1) Add fib lookup expression for nf_tables, from Florian Westphal. This
         new expression provides a native replacement for iptables addrtype
         and rp_filter matches. This is more flexible though, since we can
         populate the kernel flowi representation to inquire fib to
         accommodate new use cases, such as RTBH through skb mark.
      
      2) Introduce rt expression for nf_tables, from Anders K. Pedersen. This
         new expression allows you to access skbuff route metadata, more
         specifically nexthop and classid fields.
      
      3) Add notrack support for nf_tables, to skip conntracking, requested by
         many users already.
      
      4) Add boilerplate code to allow to use nf_log infrastructure from
         nf_tables ingress.
      
      5) Allow to mangle pkttype from nf_tables prerouting chain, to emulate
         the xtables cluster match, from Liping Zhang.
      
      6) Move socket lookup code into generic nf_socket_* infrastructure so
         we can provide a native replacement for the xtables socket match.
      
      7) Make sure nfnetlink_queue data that is updated on every packet is
         placed in a different cache from read-only data, from Florian Westphal.
      
      8) Handle NF_STOLEN from nf_tables core, also from Florian Westphal.
      
      9) Start round robin number generation in nft_numgen from zero,
         instead of n-1, for consistency with xtables statistics match,
         patch from Liping Zhang.
      
      10) Set GFP_NOWARN flag in skbuff netlink allocations in nfnetlink_log,
          given we retry with a smaller allocation on failure, from Calvin Owens.
      
      11) Cleanup xt_multiport to use switch(), from Gao feng.
      
      12) Remove superfluous check in nft_immediate and nft_cmp, from
          Liping Zhang.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 01 Nov, 2016 39 commits