redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/netfilter
History
David S. Miller 4cb551a100 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for your net-next
tree. This includes better integration with the routing subsystem for
nf_tables, explicit notrack support and smaller updates. More
specifically, they are:

1) Add fib lookup expression for nf_tables, from Florian Westphal. This
   new expression provides a native replacement for iptables addrtype
   and rp_filter matches. This is more flexible though, since we can
   populate the kernel flowi representation to inquire fib to
   accomodate new usecases, such as RTBH through skb mark.

2) Introduce rt expression for nf_tables, from Anders K. Pedersen. This
   new expression allow you to access skbuff route metadata, more
   specifically nexthop and classid fields.

3) Add notrack support for nf_tables, to skip conntracking, requested by
   many users already.

4) Add boilerplate code to allow to use nf_log infrastructure from
   nf_tables ingress.

5) Allow to mangle pkttype from nf_tables prerouting chain, to emulate
   the xtables cluster match, from Liping Zhang.

6) Move socket lookup code into generic nf_socket_* infrastructure so
   we can provide a native replacement for the xtables socket match.

7) Make sure nfnetlink_queue data that is updated on every packets is
   placed in a different cache from read-only data, from Florian Westphal.

8) Handle NF_STOLEN from nf_tables core, also from Florian Westphal.

9) Start round robin number generation in nft_numgen from zero,
   instead of n-1, for consistency with xtables statistics match,
   patch from Liping Zhang.

10) Set GFP_NOWARN flag in skbuff netlink allocations in nfnetlink_log,
    given we retry with a smaller allocation on failure, from Calvin Owens.

11) Cleanup xt_multiport to use switch(), from Gao feng.

12) Remove superfluous check in nft_immediate and nft_cmp, from
    Liping Zhang.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
 		2016-11-02 14:57:47 -04:00
..
ipset netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ipvs genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
Kconfig netfilter: nf_tables: introduce routing expression 2016-11-01 20:50:31 +01:00
Makefile netfilter: nf_tables: introduce routing expression 2016-11-01 20:50:31 +01:00
core.c netfilter: fix nf_queue handling 2016-10-20 19:59:59 +02:00
nf_conntrack_acct.c netfilter: Remove uses of seq_<foo> return values 2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached 2016-10-20 19:59:53 +02:00
nf_conntrack_ecache.c netfilter: don't rely on DYING bit to detect when destroy event was sent 2016-08-30 11:43:08 +02:00
nf_conntrack_expect.c netfilter: nf_ct_expect: remove the redundant slash when policy name is empty 2016-08-09 10:38:46 +02:00
nf_conntrack_extend.c netfilter: move nat hlist_head to nf_conn 2016-07-11 11:47:50 +02:00
nf_conntrack_ftp.c netfilter: ftp: Remove the useless code 2016-09-07 10:38:00 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931 2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nf_conntrack_irc.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_l3proto_generic.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c netfilter: connlabels: move set helper to xt_connlabel 2016-07-22 17:05:10 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: conntrack: remove packet hotpath stats 2016-09-12 19:59:39 +02:00
nf_conntrack_pptp.c netfilter: conntrack: get rid of conntrack timer 2016-08-30 11:43:09 +02:00
nf_conntrack_proto.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: Only need first 4 bytes to get l4proto ports 2016-08-12 00:41:08 +02:00
nf_conntrack_proto_generic.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_gre.c netfilter: gre: Use consistent GRE and PTTP header structure instead of the ones defined by netfilter 2016-09-07 10:36:52 +02:00
nf_conntrack_proto_sctp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_tcp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udp.c netfilter: remove ip_conntrack* sysctl compat code 2016-08-13 13:27:13 +02:00
nf_conntrack_proto_udplite.c netfilter: conntrack: Only need first 4 bytes to get l4proto ports 2016-08-12 00:41:08 +02:00
nf_conntrack_sane.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: Fix the wrong ack adjust for the RST packet without ack 2016-09-25 14:54:01 +02:00
nf_conntrack_sip.c netfilter: nf_ct_sip: allow tab character in SIP headers 2016-09-07 13:53:43 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: evict stale entries when user reads /proc/net/nf_conntrack 2016-09-25 14:54:08 +02:00
nf_conntrack_tftp.c netfilter: Add helper array register/unregister functions 2016-07-21 02:31:53 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.c netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion 2013-12-20 14:58:29 +01:00
nf_dup_netdev.c net: remove skb_sender_cpu_clear() 2016-03-01 17:36:47 -05:00
nf_internals.h netfilter: fix nf_queue handling 2016-10-20 19:59:59 +02:00
nf_log.c netfilter: fix namespace handling in nf_log_proc_dostring 2016-10-04 08:41:06 +02:00
nf_log_common.c netfilter: nf_log: add packet logging for netdev family 2016-11-01 20:50:30 +01:00
nf_log_netdev.c netfilter: nf_log: add packet logging for netdev family 2016-11-01 20:50:30 +01:00
nf_nat_amanda.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-23 06:46:57 -04:00
nf_nat_ftp.c
nf_nat_helper.c netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nf_nat_irc.c netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper 2014-01-06 14:17:17 +01:00
nf_nat_proto_common.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_dccp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_sctp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_udp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_udplite.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_proto_unknown.c
nf_nat_redirect.c netfilter: nf_nat_redirect: add missing NULL pointer check 2015-10-27 06:54:56 +01:00
nf_nat_sip.c netfilter: replace strnicmp with strncasecmp 2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: fix nf_queue handling 2016-10-20 19:59:59 +02:00
nf_sockopt.c netfilter: don't use mutex_lock_interruptible() 2014-08-08 16:47:23 +02:00
nf_synproxy_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2015-09-05 21:57:42 -07:00
nf_tables_api.c netfilter: nf_tables: underflow in nft_parse_u32_check() 2016-10-17 17:43:53 +02:00
nf_tables_core.c netfilter: nf_tables: allow expressions to return STOLEN 2016-10-26 16:35:15 +02:00
nf_tables_inet.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nf_tables_netdev.c netfilter: Add the missed return value check of nft_register_chain_type 2016-09-12 19:54:45 +02:00
nf_tables_trace.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-09-25 23:34:19 +02:00
nfnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
nfnetlink_acct.c netfilter: nfnetlink: use list_for_each_entry_safe to delete all objects 2016-08-25 13:11:00 +02:00
nfnetlink_cthelper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: unlink timeout objs in the unconfirmed ct lists 2016-08-25 13:11:30 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: Use GFP_NOWARN for skb allocation 2016-10-26 16:35:15 +02:00
nfnetlink_queue.c netfilter: nf_queue: place volatile data in own cacheline 2016-11-01 20:50:33 +01:00
nft_bitwise.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_byteorder.c netfilter: nf_tables: validate maximum value of u32 netlink attributes 2016-09-23 09:29:02 +02:00
nft_cmp.c netfilter: nf_tables: remove useless U8_MAX validation 2016-11-01 20:50:32 +01:00
nft_compat.c netfilter: nft_compat: fix crash when related match/target module is removed 2016-07-23 12:25:00 +02:00
nft_counter.c libnl: nla_put_be64(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
nft_ct.c netfilter: nft_ct: add notrack support 2016-10-26 16:35:16 +02:00
nft_dup_netdev.c netfilter: nf_tables: add packet duplication to the netdev family 2016-01-03 21:04:23 +01:00
nft_dynset.c netfilter: nft_dynset: fix element timeout for HZ != 1000 2016-10-17 17:29:39 +02:00
nft_exthdr.c netfilter: nft_exthdr: fix error handling in nft_exthdr_init() 2016-10-17 17:43:54 +02:00
nft_fib.c netfilter: nf_tables: add fib expression 2016-11-01 20:50:14 +01:00
nft_fib_inet.c netfilter: nf_tables: add fib expression 2016-11-01 20:50:14 +01:00
nft_fwd_netdev.c netfilter: nf_tables: add forward expression to the netdev family 2016-01-04 17:48:38 +01:00
nft_hash.c netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policy 2016-10-17 17:43:53 +02:00
nft_immediate.c netfilter: nf_tables: remove useless U8_MAX validation 2016-11-01 20:50:32 +01:00
nft_limit.c netfilter: nft_limit: fix divided by zero panic 2016-10-04 08:59:03 +02:00
nft_log.c netfilter: nft_log: complete NFTA_LOG_FLAGS attr support 2016-09-25 23:16:43 +02:00
nft_lookup.c netfilter: nft_lookup: remove superfluous element found check 2016-09-23 09:30:48 +02:00
nft_masq.c netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_meta.c netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting 2016-10-26 16:35:16 +02:00
nft_nat.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_numgen.c netfilter: nft_numgen: start round robin from zero 2016-10-26 16:35:16 +02:00
nft_payload.c netfilter: nf_tables: check tprot_set first when we use xt.thoff 2016-09-23 09:30:26 +02:00
nft_queue.c netfilter: nft_queue: add _SREG_QNUM attr to select the queue number 2016-09-23 09:29:50 +02:00
nft_quota.c netfilter: nft_quota: introduce nft_overquota() 2016-09-07 11:02:06 +02:00
nft_range.c netfilter: nf_tables: avoid uninitialized variable warning 2016-10-18 17:35:10 +02:00
nft_redir.c netfilter: nf_tables: add register parsing/dumping helpers 2015-04-13 17:17:28 +02:00
nft_reject.c netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT 2016-08-25 12:55:34 +02:00
nft_reject_inet.c netfilter: nft_reject: restrict to INPUT/FORWARD/OUTPUT 2016-08-25 12:55:34 +02:00
nft_rt.c netfilter: nf_tables: introduce routing expression 2016-11-01 20:50:31 +01:00
nft_set_hash.c netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion 2016-08-26 17:30:20 +02:00
nft_set_rbtree.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2016-09-06 12:45:26 -07:00
x_tables.c netfilter: x_tables: suppress kmemcheck warning 2016-10-19 18:32:24 +02:00
xt_AUDIT.c netfilter: Convert uses of __constant_<foo> to <foo> 2014-03-13 14:13:19 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c netfilter: cttimeout: add netns support 2015-12-14 12:48:58 +01:00
xt_DSCP.c netfilter: fix various sparse warnings 2014-11-13 12:14:42 +01:00
xt_HL.c
xt_HMARK.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c netfilter: IDLETIMER: fix race condition when destroy the target 2016-04-29 14:28:48 +02:00
xt_LED.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-08-05 18:46:26 -07:00
xt_LOG.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
xt_NETMAP.c
xt_NFLOG.c netfilter: xt_NFLOG: fix unexpected truncated packet 2016-10-17 17:38:19 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: separate reusable code 2013-12-07 23:20:45 +01:00
xt_RATEEST.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_REDIRECT.c netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
xt_SECMARK.c
xt_TCPMSS.c netfilter: xt_TCPMSS: Refactor the codes to decrease one condition check and more readable 2016-09-24 21:13:21 +02:00
xt_TCPOPTSTRIP.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
xt_TEE.c netfilter: Add the missed return value check of register_netdevice_notifier 2016-09-12 19:54:43 +02:00
xt_TPROXY.c netfilter: tproxy: properly refcount tcp listeners 2016-08-18 00:51:13 +02:00
xt_TRACE.c netfilter: xt_TRACE: add explicitly nf_logger_find_get call 2016-06-23 13:26:49 +02:00
xt_addrtype.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
xt_bpf.c net: filter: split 'struct sk_filter' into socket and bpf parts 2014-08-02 15:03:58 -07:00
xt_cgroup.c netfilter: implement xt_cgroup cgroup2 path match 2015-12-14 20:34:55 +01:00
xt_cluster.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
xt_comment.c
xt_connbytes.c netfilter: Convert pr_warning to pr_warn 2014-09-10 12:40:10 -07:00
xt_connlabel.c netfilter: connlabels: move set helper to xt_connlabel 2016-07-22 17:05:10 +02:00
xt_connlimit.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_connmark.c netfilter: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
xt_conntrack.c netfilter: use_nf_conn_expires helper in more places 2016-08-12 00:43:13 +02:00
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: Add missing ULL suffixes for 64-bit constants 2016-10-17 17:25:23 +02:00
xt_helper.c netfilter: Remove explicit rcu_read_lock in nf_hook_slow 2016-09-24 21:29:53 +02:00
xt_hl.c
xt_ipcomp.c netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name 2016-10-17 17:38:19 +02:00
xt_iprange.c
xt_ipvs.c ipvs: Pass ipvs into conn_out_get 2015-09-24 09:34:41 +09:00
xt_l2tp.c netfilter: introduce l2tp match extension 2014-01-09 21:36:39 +01:00
xt_length.c
xt_limit.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
xt_mac.c
xt_mark.c netfilter: xt_MARK: Add ARP support 2015-05-14 13:00:27 +02:00
xt_multiport.c netfilter: xt_multiport: Use switch case instead of multiple condition checks 2016-10-26 16:35:15 +02:00
xt_nat.c
xt_nfacct.c netfilter: nfnetlink_acct: report overquota to the right netns 2016-08-18 00:38:23 +02:00
xt_osf.c netfilter: xt_osf: remove unused variable 2016-02-29 13:59:43 +01:00
xt_owner.c netfilter: Allow xt_owner in any user namespace 2016-06-23 13:58:55 +02:00
xt_physdev.c netfilter: physdev: add missed blank 2016-08-12 00:42:14 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c net_sched: add 64bit rate estimators 2013-06-11 02:51:03 -07:00
xt_realm.c
xt_recent.c netfilter: Enhance the codes used to get random once 2016-09-23 09:30:36 +02:00
xt_repldata.h net: netfilter: LLVMLinux: vlais-netfilter 2014-06-07 11:44:39 -07:00
xt_sctp.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
xt_set.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
xt_socket.c netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c 2016-11-01 20:50:31 +01:00
xt_state.c
xt_statistic.c net: replace macros net_random and net_srandom with direct calls to prandom 2014-01-14 15:15:25 -08:00
xt_string.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
xt_tcpmss.c
xt_tcpudp.c netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF 2016-07-03 10:55:07 +02:00
xt_time.c
xt_u32.c