forked from Minki/linux
0bc4c07046
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next. Briefly speaking, cleanups and minor fixes for ipset from Jozsef Kadlecsik and Serget Popovich, more incremental updates to make br_netfilter a better place from Florian Westphal, ARP support to the x_tables mark match / target from and context Zhang Chunyu and the addition of context to know that the x_tables runs through nft_compat. More specifically, they are: 1) Fix sparse warning in ipset/ip_set_hash_ipmark.c when fetching the IPSET_ATTR_MARK netlink attribute, from Jozsef Kadlecsik. 2) Rename STREQ macro to STRNCMP in ipset, also from Jozsef. 3) Use skb->network_header to calculate the transport offset in ip_set_get_ip{4,6}_port(). From Alexander Drozdov. 4) Reduce memory consumption per element due to size miscalculation, this patch and follow up patches from Sergey Popovich. 5) Expand nomatch field from 1 bit to 8 bits to allow to simplify mtype_data_reset_flags(), also from Sergey. 6) Small clean for ipset macro trickery. 7) Fix error reporting when both ip_set_get_hostipaddr4() and ip_set_get_extensions() from per-set uadt functions. 8) Simplify IPSET_ATTR_PORT netlink attribute validation. 9) Introduce HOST_MASK instead of hardcoded 32 in ipset. 10) Return true/false instead of 0/1 in functions that return boolean in the ipset code. 11) Validate maximum length of the IPSET_ATTR_COMMENT netlink attribute. 12) Allow to dereference from ext_*() ipset macros. 13) Get rid of incorrect definitions of HKEY_DATALEN. 14) Include linux/netfilter/ipset/ip_set.h in the x_tables set match. 15) Reduce nf_bridge_info size in br_netfilter, from Florian Westphal. 16) Release nf_bridge_info after POSTROUTING since this is only needed from the physdev match, also from Florian. 17) Reduce size of ipset code by deinlining ip_set_put_extensions(), from Denys Vlasenko. 18) Oneliner to add ARP support to the x_tables mark match/target, from Zhang Chunyu. 19) Add context to know if the x_tables extension runs from nft_compat, to address minor problems with three existing extensions. 20) Correct return value in several seqfile *_show() functions in the netfilter tree, from Joe Perches. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
arp_tables.c | ||
arpt_mangle.c | ||
arptable_filter.c | ||
ip_tables.c | ||
ipt_ah.c | ||
ipt_CLUSTERIP.c | ||
ipt_ECN.c | ||
ipt_MASQUERADE.c | ||
ipt_REJECT.c | ||
ipt_rpfilter.c | ||
ipt_SYNPROXY.c | ||
iptable_filter.c | ||
iptable_mangle.c | ||
iptable_nat.c | ||
iptable_raw.c | ||
iptable_security.c | ||
Kconfig | ||
Makefile | ||
nf_conntrack_l3proto_ipv4_compat.c | ||
nf_conntrack_l3proto_ipv4.c | ||
nf_conntrack_proto_icmp.c | ||
nf_defrag_ipv4.c | ||
nf_log_arp.c | ||
nf_log_ipv4.c | ||
nf_nat_h323.c | ||
nf_nat_l3proto_ipv4.c | ||
nf_nat_masquerade_ipv4.c | ||
nf_nat_pptp.c | ||
nf_nat_proto_gre.c | ||
nf_nat_proto_icmp.c | ||
nf_nat_snmp_basic.c | ||
nf_reject_ipv4.c | ||
nf_tables_arp.c | ||
nf_tables_ipv4.c | ||
nft_chain_nat_ipv4.c | ||
nft_chain_route_ipv4.c | ||
nft_masq_ipv4.c | ||
nft_redir_ipv4.c | ||
nft_reject_ipv4.c |