mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-21 00:10:09 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
David S. Miller fb83eb93c6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for your net-next
tree, they are:

1) Remove obsolete nf_log tracing from nf_tables, from Florian Westphal.

2) Add support for map lookups to numgen, random and hash expressions,
   from Laura Garcia.

3) Allow to register nat hooks for iptables and nftables at the same
   time. Patchset from Florian Westpha.

4) Timeout support for rbtree sets.

5) ip6_rpfilter works needs interface for link-local addresses, from
   Vincent Bernat.

6) Add nf_ct_hook and nf_nat_hook structures and use them.

7) Do not drop packets on packets raceing to insert conntrack entries
   into hashes, this is particularly a problem in nfqueue setups.

8) Address fallout from xt_osf separation to nf_osf, patches
   from Florian Westphal and Fernando Mancera.

9) Remove reference to struct nft_af_info, which doesn't exist anymore.
   From Taehee Yoo.

This batch comes with is a conflict between 25fd386e0b ("netfilter:
core: add missing __rcu annotation") in your tree and 2c205dd398
("netfilter: add struct nf_nat_hook and use it") coming in this batch.
This conflict can be solved by leaving the __rcu tag on
__netfilter_net_init() - added by 25fd386e0b - and remove all code
related to nf_nat_decode_session_hook - which is gone after
2c205dd398, as described by:

diff --cc net/netfilter/core.c
index e0ae4aae96f5,206fb2c4c319..168af54db975
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@@ -611,7 -580,13 +611,8 @@@ const struct nf_conntrack_zone nf_ct_zo
  EXPORT_SYMBOL_GPL(nf_ct_zone_dflt);
  #endif /* CONFIG_NF_CONNTRACK */

- static void __net_init __netfilter_net_init(struct nf_hook_entries **e, int max)
 -#ifdef CONFIG_NF_NAT_NEEDED
 -void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *);
 -EXPORT_SYMBOL(nf_nat_decode_session_hook);
 -#endif
 -
+ static void __net_init
+ __netfilter_net_init(struct nf_hook_entries __rcu **e, int max)
  {
  	int h;

I can also merge your net-next tree into nf-next, solve the conflict and
resend the pull request if you prefer so.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-23 16:37:11 -04:00
..
ipset Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
ipvs Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-21 16:01:54 -04:00
core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-23 16:37:11 -04:00
Kconfig netfilter: make NF_OSF non-visible symbol 2018-05-23 09:14:06 +02:00
Makefile netfilter: extract Passive OS fingerprint infrastructure from xt_osf 2018-05-07 00:02:11 +02:00
nf_conncount.c netfilter: conncount: Support count only use case 2018-03-20 13:27:18 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c netfilter: use nf_conntrack_helpers_register when possible 2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_broadcast: remove useless parameter 2018-03-05 23:15:43 +01:00
nf_conntrack_core.c netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks 2018-05-23 09:26:08 +02:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: nf_conntrack_sip: allow duplicate SDP expectations 2018-04-09 17:05:27 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Remove unwanted comments. 2018-01-08 18:01:05 +01:00
nf_conntrack_h323_main.c netfilter: move route indirection to struct nf_ipv6_ops 2018-01-08 18:01:26 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: expect: add and use nf_ct_expect_iterate helpers 2017-07-31 19:09:38 +02:00
nf_conntrack_irc.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_l3proto_generic.c netfilter: conntrack: place print_tuple in procfs part 2017-08-24 18:52:32 +02:00
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c netfilter: add struct nf_nat_hook and use it 2018-05-23 09:26:07 +02:00
nf_conntrack_pptp.c netfilter: Remove duplicated rcu_read_lock. 2017-07-24 13:24:46 +02:00
nf_conntrack_proto.c netfilter: conntrack: constify list of builtin trackers 2018-01-08 16:47:14 +01:00
nf_conntrack_proto_dccp.c netfilter: conntrack: l4 protocol trackers can be const 2018-01-08 18:00:54 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_proto_gre.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_conntrack_proto_sctp.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_proto_tcp.c netfilter: Fix handling simultaneous open in TCP conntrack 2018-04-27 00:39:29 +02:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeouts can be const 2018-01-08 18:01:02 +01:00
nf_conntrack_sane.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_sip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-06 21:51:37 -04:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_conntrack_tftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c netfilter: dup: resolve warnings about missing prototypes 2017-05-29 11:32:36 +02:00
nf_flow_table_core.c netfilter: nf_flow_table: fix offloading connections with SNAT+DNAT 2018-04-24 10:29:07 +02:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: nf_flow_table: add missing condition for TCP state check 2018-04-24 10:29:04 +02:00
nf_internals.h netfilter: core: export raw versions of add/delete hook functions 2018-05-23 09:14:05 +02:00
nf_log.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_log_common.c
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_core.c netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks 2018-05-23 09:26:08 +02:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_dccp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_sctp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_tcp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_udp.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_proto_unknown.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_sip.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_tftp.c
nf_osf.c netfilter: extract Passive OS fingerprint infrastructure from xt_osf 2018-05-07 00:02:11 +02:00
nf_queue.c netfilter: remove duplicated include 2018-01-10 15:32:15 +01:00
nf_sockopt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_synproxy_core.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_tables_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-23 16:37:11 -04:00
nf_tables_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-23 16:37:11 -04:00
nf_tables_trace.c netfilter: nf_tables: Allow chain name of up to 255 chars 2017-07-31 20:41:57 +02:00
nfnetlink.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfnetlink_acct.c netfilter: prefer nla_strlcpy for dealing with NLA_STRING attributes 2018-05-08 14:15:31 +02:00
nfnetlink_cthelper.c netfilter: prefer nla_strlcpy for dealing with NLA_STRING attributes 2018-05-08 14:15:31 +02:00
nfnetlink_cttimeout.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nfnetlink_log.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
nfnetlink_queue.c netfilter: nfnetlink_queue: resolve clash for unconfirmed conntracks 2018-05-23 09:26:08 +02:00
nft_bitwise.c netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
nft_byteorder.c
nft_chain_filter.c netfilter: nf_tables: build-in filter chain type 2018-03-30 11:29:19 +02:00
nft_cmp.c netfilter: mark expected switch fall-throughs 2018-01-08 18:01:01 +01:00
nft_compat.c netfilter: nft_compat: fix handling of large matchinfo size 2018-05-09 10:09:27 +02:00
nft_counter.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_ct.c netfilter: nft_ct: add NFT_CT_{SRC,DST}_{IP,IP6} 2018-03-20 13:27:19 +01:00
nft_dup_netdev.c
nft_dynset.c netfilter: nft_dynset: fix timeout updates on 32bit 2018-05-07 00:05:22 +02:00
nft_exthdr.c netfilter: nf_tables: merge exthdr expression into nft core 2018-04-27 00:00:56 +02:00
nft_fib.c
nft_fib_inet.c
nft_fib_netdev.c netfilter: nf_tables: add fib expression to the netdev family 2017-07-31 19:01:40 +02:00
nft_flow_offload.c netfilter: nf_tables: simplify lookup functions 2018-04-24 10:29:09 +02:00
nft_fwd_netdev.c
nft_hash.c netfilter: nft_hash: add map lookups for hashing operations 2018-05-17 14:00:52 +02:00
nft_immediate.c netfilter: nf_tables: bogus EBUSY in chain deletions 2018-05-09 10:09:30 +02:00
nft_limit.c netfilter: nft_limit: add stateful object type 2017-09-04 13:25:16 +02:00
nft_log.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_lookup.c netfilter: nf_tables: rename to nft_set_lookup_global() 2018-03-30 11:29:20 +02:00
nft_masq.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_meta.c netfilter: nf_tables: make meta expression builtin 2018-04-27 00:00:46 +02:00
nft_nat.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nft_numgen.c netfilter: nft_numgen: add map lookups for numgen random operations 2018-05-17 14:00:41 +02:00
nft_objref.c netfilter: nf_tables: simplify lookup functions 2018-04-24 10:29:09 +02:00
nft_payload.c netfilter: fix a few (harmless) sparse warnings 2017-08-28 17:42:56 +02:00
nft_queue.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_quota.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_range.c netfilter: nf_tables: revisit chain/object refcounting from elements 2017-05-15 12:51:41 +02:00
nft_redir.c netfilter: nf_tables: add single table list for all families 2018-01-10 15:32:08 +01:00
nft_reject.c
nft_reject_inet.c
nft_rt.c netfilter: nf_tables: merge rt expression into nft core 2018-04-27 00:00:55 +02:00
nft_set_bitmap.c netfilter: nf_tables: Simplify set backend selection 2018-04-24 10:29:11 +02:00
nft_set_hash.c netfilter: nf_tables: Simplify set backend selection 2018-04-24 10:29:11 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: add timeout support 2018-05-23 09:14:06 +02:00
utils.c netfilter: move reroute indirection to struct nf_ipv6_ops 2018-01-08 18:10:53 +01:00
x_tables.c netfilter: x_tables: check name length in find_match/target, too 2018-04-27 00:40:11 +02:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CHECKSUM.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: get rid of xt_cluster_ipv6_is_multicast 2018-03-05 23:15:43 +01:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: Refactor nf_conncount 2018-03-20 13:27:17 +01:00
xt_connmark.c netfilter: xt_connmark: do not cast xt_connmark_tginfo1 to xt_connmark_tginfo2 2018-04-19 16:19:28 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: xt_CT: use pr ratelimiting 2018-02-14 21:05:34 +01:00
xt_dccp.c
xt_devgroup.c
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c netfilter: nfnetlink_acct: remove useless parameter 2018-03-05 23:15:43 +01:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c netfilter: extract Passive OS fingerprint infrastructure from xt_osf 2018-05-07 00:02:11 +02:00
xt_owner.c
xt_physdev.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_RATEEST.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c sctp: remove the typedef sctp_chunkhdr_t 2017-07-01 09:08:41 -07:00
xt_SECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_set.c netfilter: xt_set: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_socket.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: Rework xt_TEE netdevice notifier 2018-03-30 10:59:23 -04:00
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_TPROXY.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TRACE.c
xt_u32.c