2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-21 19:53:59 +08:00
linux-next/net/ipv4/netfilter
David S. Miller 0aac383353 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:

====================
nf-next pull request

The following patchset contains Netfilter/IPVS updates for your
net-next tree. Regarding nf_tables, most updates focus on consolidating
the NAT infrastructure and adding support for masquerading. More
specifically, they are:

1) use __u8 instead of u_int8_t in arptables header, from
   Mike Frysinger.

2) Add support to match by skb->pkttype to the meta expression, from
   Ana Rey.

3) Add support to match by cpu to the meta expression, also from
   Ana Rey.

4) A smatch warning about IPSET_ATTR_MARKMASK validation, patch from
   Vytas Dauksa.

5) Fix netnet and netportnet hash types the range support for IPv4,
   from Sergey Popovich.

6) Fix missing-field-initializer warnings resolved, from Mark Rustad.

7) Dan Carperter reported possible integer overflows in ipset, from
   Jozsef Kadlecsick.

8) Filter out accounting objects in nfacct by type, so you can
   selectively reset quotas, from Alexey Perevalov.

9) Move specific NAT IPv4 functions to the core so x_tables and
   nf_tables can share the same NAT IPv4 engine.

10) Use the new NAT IPv4 functions from nft_chain_nat_ipv4.

11) Move specific NAT IPv6 functions to the core so x_tables and
    nf_tables can share the same NAT IPv4 engine.

12) Use the new NAT IPv6 functions from nft_chain_nat_ipv6.

13) Refactor code to add nft_delrule(), which can be reused in the
    enhancement of the NFT_MSG_DELTABLE to remove a table and its
    content, from Arturo Borrero.

14) Add a helper function to unregister chain hooks, from
    Arturo Borrero.

15) A cleanup to rename to nft_delrule_by_chain for consistency with
    the new nft_*() functions, also from Arturo.

16) Add support to match devgroup to the meta expression, from Ana Rey.

17) Reduce stack usage for IPVS socket option, from Julian Anastasov.

18) Remove unnecessary textsearch state initialization in xt_string,
    from Bojan Prtvar.

19) Add several helper functions to nf_tables, more work to prepare
    the enhancement of NFT_MSG_DELTABLE, again from Arturo Borrero.

20) Enhance NFT_MSG_DELTABLE to delete a table and its content, from
    Arturo Borrero.

21) Support NAT flags in the nat expression to indicate the flavour,
    eg. random fully, from Arturo.

22) Add missing audit code to ebtables when replacing tables, from
    Nicolas Dichtel.

23) Generalize the IPv4 masquerading code to allow its re-use from
    nf_tables, from Arturo.

24) Generalize the IPv6 masquerading code, also from Arturo.

25) Add the new masq expression to support IPv4/IPv6 masquerading
    from nf_tables, also from Arturo.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-09-10 12:46:32 -07:00
..
arp_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c net: use reciprocal_scale() helper 2014-08-23 12:21:21 -07:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ipt_REJECT.c netfilter: REJECT: separate reusable code 2013-12-30 15:04:41 +01:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
ipt_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: nat: move specific NAT IPv4 to core 2014-09-02 17:14:10 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-09-10 12:46:32 -07:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2014-09-10 12:46:32 -07:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: remove exceptional & on function name 2014-07-25 14:50:58 +02:00
nf_conntrack_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_defrag_ipv4.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_log_arp.c netfilter: add generic ARP packet logger 2014-06-27 13:20:38 +02:00
nf_log_ipv4.c netfilter: log: nf_log_packet() as real unified interface 2014-06-27 13:20:13 +02:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: nat: move specific NAT IPv4 to core 2014-09-02 17:14:10 +02:00
nf_nat_masquerade_ipv4.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_tables_arp.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nf_tables_ipv4.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nft_chain_nat_ipv4.c netfilter: nft_chain_nat_ipv4: use generic IPv4 NAT code from core 2014-09-02 17:14:11 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_masq_ipv4.c netfilter: nf_tables: add new nft_masq expression 2014-09-09 16:31:30 +02:00
nft_reject_ipv4.c netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00