2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-18 18:23:53 +08:00
linux-next/net/ipv6/netfilter
David S. Miller 9dc20a6496 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for net-next, they are:

1) A couple of cleanups for the netfilter core hook from Eric Biederman.

2) Net namespace hook registration, also from Eric. This adds a dependency with
   the rtnl_lock. This should be fine by now but we have to keep an eye on this
   because if we ever get the per-subsys nfnl_lock before rtnl we have may
   problems in the future. But we have room to remove this in the future by
   propagating the complexity to the clients, by registering hooks for the init
   netns functions.

3) Update nf_tables to use the new net namespace hook infrastructure, also from
   Eric.

4) Three patches to refine and to address problems from the new net namespace
   hook infrastructure.

5) Switch to alternate jumpstack in xtables iff the packet is reentering. This
   only applies to a very special case, the TEE target, but Eric Dumazet
   reports that this is slowing down things for everyone else. So let's only
   switch to the alternate jumpstack if the tee target is in used through a
   static key. This batch also comes with offline precalculation of the
   jumpstack based on the callchain depth. From Florian Westphal.

6) Minimal SCTP multihoming support for our conntrack helper, from Michal
   Kubecek.

7) Reduce nf_bridge_info per skbuff scratchpad area to 32 bytes, from Florian
   Westphal.

8) Fix several checkpatch errors in bridge netfilter, from Bernhard Thaler.

9) Get rid of useless debug message in ip6t_REJECT, from Subash Abhinov.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-08-04 23:57:45 -07:00
..
ip6_tables.c netfilter: xtables: remove __pure annotation 2015-07-15 18:18:07 +02:00
ip6t_ah.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_hbh.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_NPT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
ip6t_REJECT.c netfilter: ip6t_REJECT: Remove debug messages from reject_tg6() 2015-08-04 11:12:51 +02:00
ip6t_rpfilter.c net: ipv6: more places need LOOPBACK_IFINDEX for flowi6_iif 2014-04-28 14:47:03 -04:00
ip6t_rt.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_SYNPROXY.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ip6table_filter.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_mangle.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_nat.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_raw.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
ip6table_security.c netfilter: Pass nf_hook_state through ip6t_do_table(). 2015-04-04 12:52:06 -04:00
Kconfig netfilter: Kconfig: get rid of parens around depends on 2015-06-15 17:26:37 +02:00
Makefile netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_conntrack_l3proto_ipv6.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_conntrack_proto_icmpv6.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_reasm.c inet: frag: change *_frag_mem_limit functions to take netns_frags as argument 2015-07-26 21:00:14 -07:00
nf_defrag_ipv6_hooks.c netfilter: bridge: reduce nf_bridge_info to 32 bytes again 2015-07-30 13:37:42 +02:00
nf_log_ipv6.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_l3proto_ipv6.c netfilter: Pass nf_hook_state through nf_nat_ipv6_{in,out,fn,local_fn}(). 2015-04-04 12:48:08 -04:00
nf_nat_masquerade_ipv6.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_proto_icmpv6.c netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pkt 2013-09-13 11:58:48 +02:00
nf_reject_ipv6.c netfilter: bridge: add helpers for fetching physin/outdev 2015-04-08 16:49:08 +02:00
nf_tables_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_nat_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_route_ipv6.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_masq_ipv6.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir_ipv6.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_reject_ipv6.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00