[net-next,00/10] Netfilter/IPVS updates for net-next

Message ID 20201212230513.3465-1-pablo@netfilter.org (mailing list archive)
State Accepted
Delegated to: Netdev Maintainers

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

Message

Pablo Neira Ayuso Dec. 12, 2020, 11:05 p.m. UTC
Hi Jakub, David,

The following patchset contains Netfilter updates for net-next:

1) Missing dependencies in NFT_BRIDGE_REJECT, from Randy Dunlap.

2) Use atomic_inc_return() instead of atomic_add_return() in IPVS,
   from Yejune Deng.

3) Simplify check for overquota in xt_nfacct, from Kaixu Xia.

4) Move nfnl_acct_list away from struct net, from Miao Wang.

5) Pass actual sk in reject actions, from Jan Engelhardt.

6) Add timeout and protoinfo to ctnetlink destroy events,
   from Florian Westphal.

7) Four patches to generalize set infrastructure to support
   multiple expressions per set element.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks!

----------------------------------------------------------------

The following changes since commit f9e425e99b0756c1479042afe761073779df2a30:

  octeontx2-af: Add support for RSS hashing based on Transport protocol field (2020-11-21 16:05:22 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 48b0ae046ee96eac999839f6d26c624b8c93ed66:

  netfilter: nftables: netlink support for several set element expressions (2020-12-12 19:20:52 +0100)

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: ctnetlink: add timeout and protoinfo to destroy events

Jan Engelhardt (1):
      netfilter: use actual socket sk for REJECT action

Kaixu Xia (1):
      netfilter: Remove unnecessary conversion to bool

Pablo Neira Ayuso (4):
      netfilter: nftables: generalize set expressions support
      netfilter: nftables: move nft_expr before nft_set
      netfilter: nftables: generalize set extension to support for several expressions
      netfilter: nftables: netlink support for several set element expressions

Randy Dunlap (1):
      netfilter: nft_reject_bridge: fix build errors due to code movement

Wang Shanker (1):
      netfilter: nfnl_acct: remove data from struct net

Yejune Deng (1):
      ipvs: replace atomic_add_return()

 include/net/net_namespace.h                  |   3 -
 include/net/netfilter/ipv4/nf_reject.h       |   4 +-
 include/net/netfilter/ipv6/nf_reject.h       |   5 +-
 include/net/netfilter/nf_conntrack_l4proto.h |   2 +-
 include/net/netfilter/nf_tables.h            |  95 ++++++----
 include/uapi/linux/netfilter/nf_tables.h     |   6 +
 net/bridge/netfilter/Kconfig                 |   2 +
 net/ipv4/netfilter/ipt_REJECT.c              |   3 +-
 net/ipv4/netfilter/nf_reject_ipv4.c          |   6 +-
 net/ipv4/netfilter/nft_reject_ipv4.c         |   3 +-
 net/ipv6/netfilter/ip6t_REJECT.c             |   2 +-
 net/ipv6/netfilter/nf_reject_ipv6.c          |   5 +-
 net/ipv6/netfilter/nft_reject_ipv6.c         |   3 +-
 net/netfilter/ipvs/ip_vs_core.c              |   2 +-
 net/netfilter/ipvs/ip_vs_sync.c              |   4 +-
 net/netfilter/nf_conntrack_netlink.c         |  31 ++--
 net/netfilter/nf_conntrack_proto_dccp.c      |  13 +-
 net/netfilter/nf_conntrack_proto_sctp.c      |  13 +-
 net/netfilter/nf_conntrack_proto_tcp.c       |  13 +-
 net/netfilter/nf_tables_api.c                | 250 ++++++++++++++++++++++-----
 net/netfilter/nfnetlink_acct.c               |  38 +++-
 net/netfilter/nft_dynset.c                   | 156 ++++++++++++++---
 net/netfilter/nft_reject_inet.c              |   6 +-
 net/netfilter/nft_set_hash.c                 |  27 ++-
 net/netfilter/xt_nfacct.c                    |   2 +-
 25 files changed, 534 insertions(+), 160 deletions(-)

Comments

Jakub Kicinski Dec. 15, 2020, 2:11 a.m. UTC | #1
On Sun, 13 Dec 2020 00:05:03 +0100 Pablo Neira Ayuso wrote:
> 1) Missing dependencies in NFT_BRIDGE_REJECT, from Randy Dunlap.
> 
> 2) Use atomic_inc_return() instead of atomic_add_return() in IPVS,
>    from Yejune Deng.
> 
> 3) Simplify check for overquota in xt_nfacct, from Kaixu Xia.
> 
> 4) Move nfnl_acct_list away from struct net, from Miao Wang.
> 
> 5) Pass actual sk in reject actions, from Jan Engelhardt.
> 
> 6) Add timeout and protoinfo to ctnetlink destroy events,
>    from Florian Westphal.
> 
> 7) Four patches to generalize set infrastructure to support
>    multiple expressions per set element.

Pulled, thanks!