mirror of
https://github.com/torvalds/linux
synced 2024-09-06 01:40:28 +00:00
c85e41bfe7
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmZA578ACgkQ1V2XiooU IOS18g//Zyuv+23GcUM7+FEXrlMN658xJyWiYvKjOaZZx5ZiV0QdZc4cbfPFD44p qZBMmVC/WVoC89SLdwH1W47KoJU0xsK3/OdqGHHeNJ69111wIQMpOLfAetS2K0mb F+Ue2vyWg1GQDICGsCdenHX7ihtVvnJJkomxc+3ObxtLCNsb2Dsr6JM5hMVP5Bil 4UZnPsrgfWy3A8O92burlPVE1sTWDFfFUGIf8geJc4QadwkgufkzxMhXNO7xHlpG EZ99s8FPyD3R6tRPjf4gwdjr7JjinrdrYjZDuS4d3Uv8pKlUqcx8PgXG51/unr/y qlynLXtEc1QU6SO2jENosHAG2/LQG2zsYEiiLFCP+a1JOtOxevZQKx8MyAFW8xDX +RQhcBpTBocIyJ/tCDoM9lp69iYTR196Ct48v6pSGMNhZcddT4K4BkUL47GEs8T3 IA5x8h5gV2Q9ECMgqSaycdUsfLNgE/6fWx0ROs/wo3tMsgWrXCSJi8RFtN1sNbIO rfuNnQiETIFBkQxBi7um8jadxdfIHm65cjgZBCyVbNNml3JwjYvXLxCXt2G7LxC4 Sg4nZvIbqWIifoMc1aQKypvFZjzzsWtFmYCuEUVLrnpj2SFTyh5CNzNo3MlHf7LG sRb/XubdY6e0spLzd5VDjwH5qOT3poWAccatRr5BVUarxXCD5Vs= =RD9p -----END PGP SIGNATURE----- Merge tag 'nf-next-24-05-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: Patch #1 skips transaction if object type provides no .update interface. Patch #2 skips NETDEV_CHANGENAME which is unused. Patch #3 enables conntrack to handle Multicast Router Advertisements and Multicast Router Solicitations from the Multicast Router Discovery protocol (RFC4286) as untracked opposed to invalid packets. From Linus Luessing. Patch #4 updates DCCP conntracker to mark invalid as invalid, instead of dropping them, from Jason Xing. Patch #5 uses NF_DROP instead of -NF_DROP since NF_DROP is 0, also from Jason. Patch #6 removes reference in netfilter's sysctl documentation on pickup entries which were already removed by Florian Westphal. Patch #7 removes check for IPS_OFFLOAD flag to disable early drop which allows to evict entries from the conntrack table, also from Florian. Patches #8 to #16 updates nf_tables pipapo set backend to allocate the datastructure copy on-demand from preparation phase, to better deal with OOM situations where .commit step is too late to fail. Series from Florian Westphal. Patch #17 adds a selftest with packetdrill to cover conntrack TCP state transitions, also from Florian. Patch #18 use GFP_KERNEL to clone elements from control plane to avoid quick atomic reserves exhaustion with large sets, reporter refers to million entries magnitude. * tag 'nf-next-24-05-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next: netfilter: nf_tables: allow clone callbacks to sleep selftests: netfilter: add packetdrill based conntrack tests netfilter: nft_set_pipapo: remove dirty flag netfilter: nft_set_pipapo: move cloning of match info to insert/removal path netfilter: nft_set_pipapo: prepare pipapo_get helper for on-demand clone netfilter: nft_set_pipapo: merge deactivate helper into caller netfilter: nft_set_pipapo: prepare walk function for on-demand clone netfilter: nft_set_pipapo: prepare destroy function for on-demand clone netfilter: nft_set_pipapo: make pipapo_clone helper return NULL netfilter: nft_set_pipapo: move prove_locking helper around netfilter: conntrack: remove flowtable early-drop test netfilter: conntrack: documentation: remove reference to non-existent sysctl netfilter: use NF_DROP instead of -NF_DROP netfilter: conntrack: dccp: try not to drop skb in conntrack netfilter: conntrack: fix ct-state for ICMPv6 Multicast Router Discovery netfilter: nf_tables: remove NETDEV_CHANGENAME from netdev chain event handler netfilter: nf_tables: skip transaction if update object is not implemented ==================== Link: https://lore.kernel.org/r/20240512161436.168973-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
---|---|---|
.. | ||
ipset | ||
ipvs | ||
core.c | ||
Kconfig | ||
Makefile | ||
nf_bpf_link.c | ||
nf_conncount.c | ||
nf_conntrack_acct.c | ||
nf_conntrack_amanda.c | ||
nf_conntrack_bpf.c | ||
nf_conntrack_broadcast.c | ||
nf_conntrack_core.c | ||
nf_conntrack_ecache.c | ||
nf_conntrack_expect.c | ||
nf_conntrack_extend.c | ||
nf_conntrack_ftp.c | ||
nf_conntrack_h323_asn1.c | ||
nf_conntrack_h323_main.c | ||
nf_conntrack_h323_types.c | ||
nf_conntrack_helper.c | ||
nf_conntrack_irc.c | ||
nf_conntrack_labels.c | ||
nf_conntrack_netbios_ns.c | ||
nf_conntrack_netlink.c | ||
nf_conntrack_ovs.c | ||
nf_conntrack_pptp.c | ||
nf_conntrack_proto.c | ||
nf_conntrack_proto_dccp.c | ||
nf_conntrack_proto_generic.c | ||
nf_conntrack_proto_gre.c | ||
nf_conntrack_proto_icmp.c | ||
nf_conntrack_proto_icmpv6.c | ||
nf_conntrack_proto_sctp.c | ||
nf_conntrack_proto_tcp.c | ||
nf_conntrack_proto_udp.c | ||
nf_conntrack_sane.c | ||
nf_conntrack_seqadj.c | ||
nf_conntrack_sip.c | ||
nf_conntrack_snmp.c | ||
nf_conntrack_standalone.c | ||
nf_conntrack_tftp.c | ||
nf_conntrack_timeout.c | ||
nf_conntrack_timestamp.c | ||
nf_dup_netdev.c | ||
nf_flow_table_core.c | ||
nf_flow_table_inet.c | ||
nf_flow_table_ip.c | ||
nf_flow_table_offload.c | ||
nf_flow_table_procfs.c | ||
nf_hooks_lwtunnel.c | ||
nf_internals.h | ||
nf_log.c | ||
nf_log_syslog.c | ||
nf_nat_amanda.c | ||
nf_nat_bpf.c | ||
nf_nat_core.c | ||
nf_nat_ftp.c | ||
nf_nat_helper.c | ||
nf_nat_irc.c | ||
nf_nat_masquerade.c | ||
nf_nat_ovs.c | ||
nf_nat_proto.c | ||
nf_nat_redirect.c | ||
nf_nat_sip.c | ||
nf_nat_tftp.c | ||
nf_queue.c | ||
nf_sockopt.c | ||
nf_synproxy_core.c | ||
nf_tables_api.c | ||
nf_tables_core.c | ||
nf_tables_offload.c | ||
nf_tables_trace.c | ||
nfnetlink.c | ||
nfnetlink_acct.c | ||
nfnetlink_cthelper.c | ||
nfnetlink_cttimeout.c | ||
nfnetlink_hook.c | ||
nfnetlink_log.c | ||
nfnetlink_osf.c | ||
nfnetlink_queue.c | ||
nft_bitwise.c | ||
nft_byteorder.c | ||
nft_chain_filter.c | ||
nft_chain_nat.c | ||
nft_chain_route.c | ||
nft_cmp.c | ||
nft_compat.c | ||
nft_connlimit.c | ||
nft_counter.c | ||
nft_ct.c | ||
nft_ct_fast.c | ||
nft_dup_netdev.c | ||
nft_dynset.c | ||
nft_exthdr.c | ||
nft_fib.c | ||
nft_fib_inet.c | ||
nft_fib_netdev.c | ||
nft_flow_offload.c | ||
nft_fwd_netdev.c | ||
nft_hash.c | ||
nft_immediate.c | ||
nft_inner.c | ||
nft_last.c | ||
nft_limit.c | ||
nft_log.c | ||
nft_lookup.c | ||
nft_masq.c | ||
nft_meta.c | ||
nft_nat.c | ||
nft_numgen.c | ||
nft_objref.c | ||
nft_osf.c | ||
nft_payload.c | ||
nft_queue.c | ||
nft_quota.c | ||
nft_range.c | ||
nft_redir.c | ||
nft_reject.c | ||
nft_reject_inet.c | ||
nft_reject_netdev.c | ||
nft_rt.c | ||
nft_set_bitmap.c | ||
nft_set_hash.c | ||
nft_set_pipapo.c | ||
nft_set_pipapo.h | ||
nft_set_pipapo_avx2.c | ||
nft_set_pipapo_avx2.h | ||
nft_set_rbtree.c | ||
nft_socket.c | ||
nft_synproxy.c | ||
nft_tproxy.c | ||
nft_tunnel.c | ||
nft_xfrm.c | ||
utils.c | ||
x_tables.c | ||
xt_addrtype.c | ||
xt_AUDIT.c | ||
xt_bpf.c | ||
xt_cgroup.c | ||
xt_CHECKSUM.c | ||
xt_CLASSIFY.c | ||
xt_cluster.c | ||
xt_comment.c | ||
xt_connbytes.c | ||
xt_connlabel.c | ||
xt_connlimit.c | ||
xt_connmark.c | ||
xt_CONNSECMARK.c | ||
xt_conntrack.c | ||
xt_cpu.c | ||
xt_CT.c | ||
xt_dccp.c | ||
xt_devgroup.c | ||
xt_dscp.c | ||
xt_DSCP.c | ||
xt_ecn.c | ||
xt_esp.c | ||
xt_hashlimit.c | ||
xt_helper.c | ||
xt_hl.c | ||
xt_HL.c | ||
xt_HMARK.c | ||
xt_IDLETIMER.c | ||
xt_ipcomp.c | ||
xt_iprange.c | ||
xt_ipvs.c | ||
xt_l2tp.c | ||
xt_LED.c | ||
xt_length.c | ||
xt_limit.c | ||
xt_LOG.c | ||
xt_mac.c | ||
xt_mark.c | ||
xt_MASQUERADE.c | ||
xt_multiport.c | ||
xt_nat.c | ||
xt_NETMAP.c | ||
xt_nfacct.c | ||
xt_NFLOG.c | ||
xt_NFQUEUE.c | ||
xt_osf.c | ||
xt_owner.c | ||
xt_physdev.c | ||
xt_pkttype.c | ||
xt_policy.c | ||
xt_quota.c | ||
xt_RATEEST.c | ||
xt_rateest.c | ||
xt_realm.c | ||
xt_recent.c | ||
xt_REDIRECT.c | ||
xt_repldata.h | ||
xt_sctp.c | ||
xt_SECMARK.c | ||
xt_set.c | ||
xt_socket.c | ||
xt_state.c | ||
xt_statistic.c | ||
xt_string.c | ||
xt_TCPMSS.c | ||
xt_tcpmss.c | ||
xt_TCPOPTSTRIP.c | ||
xt_tcpudp.c | ||
xt_TEE.c | ||
xt_time.c | ||
xt_TPROXY.c | ||
xt_TRACE.c | ||
xt_u32.c |