Commit 5106efe6 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following batch contains Netfilter/IPVS updates for your net-next tree:

1) Simplify log infrastructure modularity: Merge ipv4, ipv6, bridge,
   netdev and ARP families to nf_log_syslog.c. Add module softdeps.
   This fixes a rare deadlock condition that might occur when log
   module autoload is required. From Florian Westphal.

2) Moves part of netfilter related pernet data from struct net to
   net_generic() infrastructure. All of these users can be modules,
   so if they are not loaded there is no need to waste space. Size
   reduction is 7 cachelines on x86_64, also from Florian.

2) Update nftables audit support to report events once per table,
   to get it aligned with iptables. From Richard Guy Briggs.

3) Check for stale routes from the flowtable garbage collector path.
   This fixes IPv6, which breaks due to a missing check for the dst_cookie.

4) Add a nfnl_fill_hdr() function to simplify netlink + nfnetlink
   headers setup.

5) Remove documentation on several statified functions.

6) Remove printk on netns creation for the FTP IPVS tracker,
   from Florian Westphal.

7) Remove unnecessary nf_tables_destroy_list_lock spinlock
   initialization, from Yang Yingliang.

7) Remove a duplicated forward declaration in ipset,
   from Wan Jiabing.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents a460513e db3685b4
+0 −2
@@ -124,8 +124,6 @@ struct ip_set_ext {
	bool target;
};

struct ip_set;

#define ext_timeout(e, s)	\
((unsigned long *)(((void *)(e)) + (s)->offset[IPSET_EXT_ID_TIMEOUT]))
#define ext_counter(e, s)	\
+29 −0
@@ -51,12 +51,41 @@ int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 portid,
		   unsigned int group, int echo, gfp_t flags);
int nfnetlink_set_err(struct net *net, u32 portid, u32 group, int error);
int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u32 portid);
void nfnetlink_broadcast(struct net *net, struct sk_buff *skb, __u32 portid,
			 __u32 group, gfp_t allocation);

static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type)
{
	return subsys << 8 | msg_type;
}

static inline void nfnl_fill_hdr(struct nlmsghdr *nlh, u8 family, u8 version,
				 __be16 res_id)
{
	struct nfgenmsg *nfmsg;

	nfmsg = nlmsg_data(nlh);
	nfmsg->nfgen_family = family;
	nfmsg->version = version;
	nfmsg->res_id = res_id;
}

static inline struct nlmsghdr *nfnl_msg_put(struct sk_buff *skb, u32 portid,
					    u32 seq, int type, int flags,
					    u8 family, u8 version,
					    __be16 res_id)
{
	struct nlmsghdr *nlh;

	nlh = nlmsg_put(skb, portid, seq, type, sizeof(struct nfgenmsg), flags);
	if (!nlh)
		return NULL;

	nfnl_fill_hdr(nlh, family, version, res_id);

	return nlh;
}

void nfnl_lock(__u8 subsys_id);
void nfnl_unlock(__u8 subsys_id);
#ifdef CONFIG_PROVE_LOCKING
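Review bot: nfnl_fill_hdr() stores family, version and res_id through nlmsg_data(nlh) and has no way to verify that the payload reserved for nlh is at least sizeof(struct nfgenmsg); that precondition is not written down anywhere in the added lines. nfnl_msg_put() meets it by passing sizeof(struct nfgenmsg) to nlmsg_put() and returning NULL on failure, but as a static inline the fill helper is callable on its own, and a caller that reserved a shorter payload would write outside its reservation in the skb. I would document it above the helper, e.g. `/* nlh must have been reserved with room for struct nfgenmsg, see nfnl_msg_put() */`, and have new callers go through nfnl_msg_put() unless they build the header themselves.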
+0 −9
@@ -142,15 +142,6 @@ struct net {
#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
	struct netns_nftables	nft;
#endif
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
	struct netns_nf_frag	nf_frag;
	struct ctl_table_header *nf_frag_frags_hdr;
#endif
	struct sock		*nfnl;
	struct sock		*nfnl_stash;
#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
	struct list_head	nfct_timeout_list;
#endif
#endif
#ifdef CONFIG_WEXT_CORE
	struct sk_buff_head	wext_nlevents;
+6 −0
@@ -13,4 +13,10 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user);

struct inet_frags_ctl;

struct nft_ct_frag6_pernet {
	struct ctl_table_header *nf_frag_frags_hdr;
	struct fqdir	*fqdir;
	unsigned int users;
};

#endif /* _NF_DEFRAG_IPV6_H */
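Review bot: `users` in the new struct nft_ct_frag6_pernet is a plain `unsigned int`, and the added lines do not say what serialises updates to it; if it counts enable/disable callers, as the name suggests, an unlocked increment or decrement could tear down `fqdir` while it is still in use. The code that touches it is outside this section, so this may already be covered by a mutex, in which case a comment such as `/* protected by <lock name> */` on the field is enough; otherwise `refcount_t` would be the safer type. Separately, the `nft_` prefix reads as nftables, while the header guard `_NF_DEFRAG_IPV6_H` places this in the defrag code, so an `nf_` prefix would be less misleading.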
+7 −0
@@ -47,6 +47,13 @@ struct nf_conntrack_net {
	unsigned int users4;
	unsigned int users6;
	unsigned int users_bridge;
#ifdef CONFIG_SYSCTL
	struct ctl_table_header	*sysctl_header;
#endif
#ifdef CONFIG_NF_CONNTRACK_EVENTS
	struct delayed_work ecache_dwork;
	struct netns_ct *ct_net;
#endif
};

#include <linux/types.h>
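Review bot: `struct delayed_work ecache_dwork` is now embedded in struct nf_conntrack_net, so the work item's lifetime is tied to whatever allocation holds this struct; the description says these per-netns users moved to net_generic(), which presumably means the memory goes away when the namespace is torn down. The teardown path is not visible in this section, so please confirm the work is cancelled synchronously (`cancel_delayed_work_sync()`) before the pernet area can be freed, otherwise a late timer fires into freed memory. A field comment would make the contract explicit, e.g. `/* must be cancelled before pernet exit; ct_net lets the handler reach the netns_ct state */` — the second half is my reading of why `ct_net` is added and should be checked against the handler.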