Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 343917b4 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 



Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS updates for your net-next tree:

1) Introduce a hashtable to speed up object lookups, from Florian Westphal.

2) Make direct calls to built-in extension, also from Florian.

3) Call helper before confirming the conntrack as it used to be originally,
   from Florian.

4) Call request_module() to autoload br_netfilter when physdev is used
   to relax the dependency, also from Florian.

5) Allow to insert rules at a given position ID that is internal to the
   batch, from Phil Sutter.

6) Several patches to replace conntrack indirections by direct calls,
   and to reduce modularization, from Florian. This also includes
   several follow up patches to deal with minor fallout from this
   rework.

7) Use RCU from conntrack gre helper, from Florian.

8) GRE conntrack module becomes built-in into nf_conntrack, from Florian.

9) Replace nf_ct_invert_tuplepr() by calls to nf_ct_invert_tuple(),
   from Florian.

10) Unify sysctl handling at the core of nf_conntrack, from Florian.

11) Provide modparam to register conntrack hooks.

12) Allow to match on the interface kind string, from wenxu.

13) Remove several exported symbols, not required anymore now after
    a bit of de-modulatization work has been done, from Florian.

14) Remove built-in map support in the hash extension, this can be
    done with the existing userspace infrastructure, from laura.

15) Remove indirection to calculate checksums in IPVS, from Matteo Croce.

16) Use call wrappers for indirection in IPVS, also from Matteo.

17) Remove superfluous __percpu parameter in nft_counter, patch from
    Luc Van Oostenryck.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents bb7c778b 83f52928

include/linux/netfilter/nf_conntrack_proto_gre.h

+4 −13
Original line number Diff line number Diff line
@@ -19,27 +19,18 @@ struct nf_conn; 
struct nf_ct_gre_keymap {

	struct list_head list;

	struct nf_conntrack_tuple tuple;

};



enum grep_conntrack {

	GRE_CT_UNREPLIED,

	GRE_CT_REPLIED,

	GRE_CT_MAX

};



struct netns_proto_gre {

	struct nf_proto_net	nf;

	rwlock_t		keymap_lock;

	struct list_head	keymap_list;

	unsigned int		gre_timeouts[GRE_CT_MAX];

	struct rcu_head rcu;

};



/* add new tuple->key_reply pair to keymap */

int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,

			 struct nf_conntrack_tuple *t);



void nf_ct_gre_keymap_flush(struct net *net);

/* delete keymap entries */

void nf_ct_gre_keymap_destroy(struct nf_conn *ct);



bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,

		      struct net *net, struct nf_conntrack_tuple *tuple);

#endif /* __KERNEL__ */

#endif /* _CONNTRACK_PROTO_GRE_H */

include/linux/netfilter_ipv4.h

+0 −6
Original line number Diff line number Diff line
@@ -25,7 +25,6 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, 
		       unsigned int dataoff, u_int8_t protocol);

int nf_ip_route(struct net *net, struct dst_entry **dst, struct flowi *fl,

		bool strict);

int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry);

#else

static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,

				     unsigned int dataoff, u_int8_t protocol)
@@ -37,11 +36,6 @@ static inline int nf_ip_route(struct net *net, struct dst_entry **dst, 
{

	return -EOPNOTSUPP;

}

static inline int nf_ip_reroute(struct sk_buff *skb,

				const struct nf_queue_entry *entry)

{

	return -EOPNOTSUPP;

}

#endif /* CONFIG_INET */



#endif /*__LINUX_IP_NETFILTER_H*/

include/net/ip_vs.h

+0 −3
Original line number Diff line number Diff line
@@ -453,9 +453,6 @@ struct ip_vs_protocol { 
	int (*dnat_handler)(struct sk_buff *skb, struct ip_vs_protocol *pp,

			    struct ip_vs_conn *cp, struct ip_vs_iphdr *iph);



	int (*csum_check)(int af, struct sk_buff *skb,

			  struct ip_vs_protocol *pp);



	const char *(*state_name)(int state);



	void (*state_transition)(struct ip_vs_conn *cp, int direction,

include/net/netfilter/br_netfilter.h

+0 −1
Original line number Diff line number Diff line
@@ -43,7 +43,6 @@ static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) 
}



struct net_device *setup_pre_routing(struct sk_buff *skb);

void br_netfilter_enable(void);



#if IS_ENABLED(CONFIG_IPV6)

int br_validate_ipv6(struct net *net, struct sk_buff *skb);

include/net/netfilter/ipv4/nf_conntrack_ipv4.h

+3 −0
Original line number Diff line number Diff line
@@ -22,5 +22,8 @@ extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp; 
#ifdef CONFIG_NF_CT_PROTO_UDPLITE

extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite;

#endif

#ifdef CONFIG_NF_CT_PROTO_GRE

extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre;

#endif



#endif /*_NF_CONNTRACK_IPV4_H*/