Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 72c39a0a authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 



Pablo Neira Ayuso says:

====================
This is another batch containing Netfilter/IPVS updates for your net-next
tree, they are:

* Six patches to make the ipt_CLUSTERIP target support netnamespace,
  from Gao feng.

* Two cleanups for the nf_conntrack_acct infrastructure, introducing
  a new structure to encapsulate conntrack counters, from Holger
  Eitzenberger.

* Fix missing verdict in SCTP support for IPVS, from Daniel Borkmann.

* Skip checksum recalculation in SCTP support for IPVS, also from
  Daniel Borkmann.

* Fix behavioural change in xt_socket after IP early demux, from
  Florian Westphal.

* Fix bogus large memory allocation in the bitmap port set type in ipset,
  from Jozsef Kadlecsik.

* Fix possible compilation issues in the hash netnet set type in ipset,
  also from Jozsef Kadlecsik.

* Define constants to identify netlink callback data in ipset dumps,
  again from Jozsef Kadlecsik.

* Use sock_gen_put() in xt_socket to replace xt_socket_put_sk,
  from Eric Dumazet.

* Improvements for the SH scheduler in IPVS, from Alexander Frolkin.

* Remove extra delay due to unneeded rcu barrier in IPVS net namespace
  cleanup path, from Julian Anastasov.

* Save some cycles in ip6t_REJECT by skipping checksum validation in
  packets leaving from our stack, from Stanislav Fomichev.

* Fix IPVS_CMD_ATTR_MAX definition in IPVS, larger that required, from
  Julian Anastasov.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 6fcf018a 4542fa47

include/linux/netfilter/ipset/ip_set.h

+10 −0
Original line number Diff line number Diff line
@@ -316,6 +316,16 @@ ip_set_init_counter(struct ip_set_counter *counter, 
		atomic64_set(&(counter)->packets, (long long)(ext->packets));

}



/* Netlink CB args */

enum {

	IPSET_CB_NET = 0,

	IPSET_CB_DUMP,

	IPSET_CB_INDEX,

	IPSET_CB_ARG0,

	IPSET_CB_ARG1,

	IPSET_CB_ARG2,

};



/* register and unregister set references */

extern ip_set_id_t ip_set_get_byname(struct net *net,

				     const char *name, struct ip_set **set);

include/net/ip_vs.h

+6 −0
Original line number Diff line number Diff line
@@ -1442,6 +1442,12 @@ static inline void ip_vs_dest_put(struct ip_vs_dest *dest) 
	atomic_dec(&dest->refcnt);

}



static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest)

{

	if (atomic_dec_return(&dest->refcnt) < 0)

		kfree(dest);

}



/*

 *      IPVS sync daemon data and function prototypes

 *      (from ip_vs_sync.c)

include/net/netfilter/nf_conntrack_acct.h

+7 −3
Original line number Diff line number Diff line
@@ -19,17 +19,21 @@ struct nf_conn_counter { 
	atomic64_t bytes;

};



struct nf_conn_acct {

	struct nf_conn_counter counter[IP_CT_DIR_MAX];

};



static inline

struct nf_conn_counter *nf_conn_acct_find(const struct nf_conn *ct)

struct nf_conn_acct *nf_conn_acct_find(const struct nf_conn *ct)

{

	return nf_ct_ext_find(ct, NF_CT_EXT_ACCT);

}



static inline

struct nf_conn_counter *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)

struct nf_conn_acct *nf_ct_acct_ext_add(struct nf_conn *ct, gfp_t gfp)

{

	struct net *net = nf_ct_net(ct);

	struct nf_conn_counter *acct;

	struct nf_conn_acct *acct;



	if (!net->ct.sysctl_acct)

		return NULL;

include/net/netfilter/nf_conntrack_extend.h

+1 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ enum nf_ct_ext_id { 
#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help

#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat

#define NF_CT_EXT_SEQADJ_TYPE struct nf_conn_seqadj

#define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter

#define NF_CT_EXT_ACCT_TYPE struct nf_conn_acct

#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache

#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone

#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp

include/uapi/linux/ip_vs.h

+1 −1
Original line number Diff line number Diff line
@@ -334,7 +334,7 @@ enum { 
	__IPVS_CMD_ATTR_MAX,

};



#define IPVS_CMD_ATTR_MAX (__IPVS_SVC_ATTR_MAX - 1)

#define IPVS_CMD_ATTR_MAX (__IPVS_CMD_ATTR_MAX - 1)



/*

 * Attributes used to describe a service