linux/include
David S. Miller 751fcac19a Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says:

====================
nf_tables updates for net-next

The following patchset contains the following nf_tables updates,
mostly updates from Patrick McHardy, they are:

* Add the "inet" table and filter chain type for this new netfilter
  family: NFPROTO_INET. This special table/chain allows IPv4 and IPv6
  rules, this should help to simplify the burden in the administration
  of dual stack firewalls. This also includes several patches to prepare
  the infrastructure for this new table and a new meta extension to
  match the layer 3 and 4 protocol numbers, from Patrick McHardy.

* Load both IPv4 and IPv6 conntrack modules in nft_ct if the rule is used
  in NFPROTO_INET, as we don't certainly know which one would be used,
  also from Patrick McHardy.

* Do not allow to delete a table that contains sets, otherwise these
  sets become orphan, from Patrick McHardy.

* Hold a reference to the corresponding nf_tables family module when
  creating a table of that family type, to avoid the module deletion
  when in use, from Patrick McHardy.

* Update chain counters before setting the chain policy to ensure that
  we don't leave the chain in inconsistent state in case of errors (aka.
  restore chain atomicity). This also fixes a possible leak if it fails
  to allocate the chain counters if no counters are passed to be restored,
  from Patrick McHardy.

* Don't check for overflows in the table counter if we are just renaming
  a chain, from Patrick McHardy.

* Replay the netlink request after dropping the nfnl lock to load the
  module that supports provides a chain type, from Patrick.

* Fix chain type module references, from Patrick.

* Several cleanups, function renames, constification and code
  refactorizations also from Patrick McHardy.

* Add support to set the connmark, this can be used to set it based on
  the meta mark (similar feature to -j CONNMARK --restore), from
  Kristian Evensen.

* A couple of fixes to the recently added meta/set support and nft_reject,
  and fix missing chain type unregistration if we fail to register our
  the family table/filter chain type, from myself.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-01-09 21:36:01 -05:00
..
acpi Merge branch 'acpica' 2013-11-27 01:03:27 +01:00
asm-generic Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-01-06 17:37:45 -05:00
clocksource
crypto crypto: scatterwalk - Use sg_chain_ptr on chain entries 2013-12-09 19:58:52 +08:00
drm Merge branch 'ttm-fixes-3.13' of git://people.freedesktop.org/~thomash/linux into drm-fixes 2013-11-21 18:46:56 +10:00
dt-bindings For the 3.13 merge window we have a couple of new drivers for the AMS 2013-11-15 16:37:40 -08:00
keys
kvm
linux net: skbuff: const-ify casts in skb_queue_* functions 2014-01-07 18:34:00 -05:00
math-emu
media [media] videobuf2: Add support for file access mode flags for DMABUF exporting 2013-12-09 14:50:50 -02:00
memory
misc
net netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
pcmcia
ras
rdma IB/core: const'ify inbuf in struct ib_udata 2013-12-16 10:38:28 -08:00
rxrpc
scsi [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
sound ALSA: memalloc.h - fix wrong truncation of dma_addr_t 2013-12-10 15:30:46 +01:00
target target/file: Update hw_max_sectors based on current block_size 2013-12-19 00:18:54 -08:00
trace Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-12-02 10:13:09 -08:00
uapi netfilter: nft_ct: Add support to set the connmark 2014-01-09 19:07:44 +01:00
video fbdev changes for 3.13 2013-11-14 14:44:20 +09:00
xen Bug-fixes: 2013-12-20 09:34:54 -08:00
Kbuild