1. 06 Jul, 2016 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · ae3e4562
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter updates for net-next
      
      The following patchset contains Netfilter updates for net-next,
      they are:
      
      1) Don't use userspace datatypes in bridge netfilter code, from
         Tobin Harding.
      
      2) Iterate only once over the expectation table when removing the
         helper module, instead of once per-netns, from Florian Westphal.
      
      3) Extra sanitization in xt_hook_ops_alloc() to return error in case
         we ever pass zero hooks, xt_hook_ops_alloc():
      
      4) Handle NFPROTO_INET from the logging core infrastructure, from
         Liping Zhang.
      
      5) Autoload loggers when TRACE target is used from rules, this doesn't
         change the behaviour in case the user already selected nfnetlink_log
         as preferred way to print tracing logs, also from Liping Zhang.
      
      6) Conntrack slabs with SLAB_HWCACHE_ALIGN to allow rearranging fields
         by cache lines, increases the size of entries in 11% per entry.
         From Florian Westphal.
      
      7) Skip zone comparison if CONFIG_NF_CONNTRACK_ZONES=n, from Florian.
      
      8) Remove useless defensive check in nf_logger_find_get() from Shivani
         Bhardwaj.
      
      9) Remove zone extension as place it in the conntrack object, this is
         always include in the hashing and we expect more intensive use of
         zones since containers are in place. Also from Florian Westphal.
      
      10) Owner match now works from any namespace, from Eric Bierdeman.
      
      11) Make sure we only reply with TCP reset to TCP traffic from
          nf_reject_ipv4, patch from Liping Zhang.
      
      12) Introduce --nflog-size to indicate amount of network packet bytes
          that are copied to userspace via log message, from Vishwanath Pai.
          This obsoletes --nflog-range that has never worked, it was designed
          to achieve this but it has never worked.
      
      13) Introduce generic macros for nf_tables object generation masks.
      
      14) Use generation mask in table, chain and set objects in nf_tables.
          This allows fixes interferences with ongoing preparation phase of
          the commit protocol and object listings going on at the same time.
          This update is introduced in three patches, one per object.
      
      15) Check if the object is active in the next generation for element
          deactivation in the rbtree implementation, given that deactivation
          happens from the commit phase path we have to observe the future
          status of the object.
      
      16) Support for deletion of just added elements in the hash set type.
      
      17) Allow to resize hashtable from /proc entry, not only from the
          obscure /sys entry that maps to the module parameter, from Florian
          Westphal.
      
      18) Get rid of NFT_BASECHAIN_DISABLED, this code is not exercised
          anymore since we tear down the ruleset whenever the netdevice
          goes away.
      
      19) Support for matching inverted set lookups, from Arturo Borrero.
      
      20) Simplify the iptables_mangle_hook() by removing a superfluous
          extra branch.
      
      21) Introduce ether_addr_equal_masked() and use it from the netfilter
          codebase, from Joe Perches.
      
      22) Remove references to "Use netfilter MARK value as routing key"
          from the Netfilter Kconfig description given that this toggle
          doesn't exists already for 10 years, from Moritz Sichert.
      
      23) Introduce generic NF_INVF() and use it from the xtables codebase,
          from Joe Perches.
      
      24) Setting logger to NONE via /proc was not working unless explicit
          nul-termination was included in the string. This fixes seems to
          leave the former behaviour there, so we don't break backward.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ae3e4562
  2. 05 Jul, 2016 39 commits