Commit 7adaf56e authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS for net-next:

1) Add new run_estimation toggle to IPVS to stop the estimation_timer
   logic, from Dust Li.

2) Relax superfluous dynset check on NFT_SET_TIMEOUT.

3) Add egress hook, from Lukas Wunner.

4) Nowadays, almost all hook functions in x_table land just call the hook
   evaluation loop. Remove remaining hook wrappers from iptables and IPVS.
   From Florian Westphal.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c87350ce ffdd33dd
+11 −0
@@ -300,3 +300,14 @@ sync_version - INTEGER

	Kernels with this sync_version entry are able to receive messages
	of both version 1 and version 2 of the synchronisation protocol.

run_estimation - BOOLEAN
	0 - disabled
	not 0 - enabled (default)

	If disabled, the estimation will be stop, and you can't see
	any update on speed estimation data.

	You can always re-enable estimation by setting this value to 1.
	But be careful, the first estimation after re-enable is not
	accurate.
+3 −0
@@ -31,6 +31,7 @@
#include <linux/init.h>
#include <linux/interrupt.h>
#include <linux/moduleparam.h>
#include <linux/netfilter_netdev.h>
#include <net/pkt_sched.h>
#include <net/net_namespace.h>

@@ -75,8 +76,10 @@ static void ifb_ri_tasklet(struct tasklet_struct *t)
	}

	while ((skb = __skb_dequeue(&txp->tq)) != NULL) {
		/* Skip tc and netfilter to prevent redirection loop. */
		skb->redirected = 0;
		skb->tc_skip_classify = 1;
		nf_skip_egress(skb, true);

		u64_stats_update_begin(&txp->tsync);
		txp->tx_packets++;
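Review bot: The comment above `skb->redirected = 0;` gives the loop-avoidance reason for `nf_skip_egress(skb, true)` but not its filtering consequence: a packet re-injected by ifb presumably bypasses the netfilter egress hook on its next transmit, so egress rules cannot be assumed to see ifb-redirected traffic a second time. The flag is set for every dequeued skb, so I would spell that out, e.g. `/* Skip tc and netfilter to prevent redirection loop; netfilter egress rules will not see this skb again after re-injection. */`. It is also worth confirming that `nf_skip_egress()` is a no-op stub when CONFIG_NETFILTER_EGRESS is disabled, because the include and the call appear here without an #ifdef. ifb_ri_tasklet starts and ends outside the hunk, so the re-injection path itself is not visible.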
+4 −0
@@ -1861,6 +1861,7 @@ enum netdev_ml_priv_type {
 *	@xps_maps:	XXX: need comments on this one
 *	@miniq_egress:		clsact qdisc specific data for
 *				egress processing
 *	@nf_hooks_egress:	netfilter hooks executed for egress packets
 *	@qdisc_hash:		qdisc hash table
 *	@watchdog_timeo:	Represents the timeout that is used by
 *				the watchdog (see dev_watchdog())
@@ -2160,6 +2161,9 @@ struct net_device {
#ifdef CONFIG_NET_CLS_ACT
	struct mini_Qdisc __rcu	*miniq_egress;
#endif
#ifdef CONFIG_NETFILTER_EGRESS
	struct nf_hook_entries __rcu *nf_hooks_egress;
#endif

#ifdef CONFIG_NET_SCHED
	DECLARE_HASHTABLE	(qdisc_hash, 4);
+2 −3
@@ -54,9 +54,8 @@ int arpt_register_table(struct net *net, const struct xt_table *table,
			const struct nf_hook_ops *ops);
void arpt_unregister_table(struct net *net, const char *name);
void arpt_unregister_table_pre_exit(struct net *net, const char *name);
extern unsigned int arpt_do_table(struct sk_buff *skb,
				  const struct nf_hook_state *state,
				  struct xt_table *table);
extern unsigned int arpt_do_table(void *priv, struct sk_buff *skb,
				  const struct nf_hook_state *state);

#ifdef CONFIG_NETFILTER_XTABLES_COMPAT
#include <net/compat.h>
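Review bot: The new prototype `arpt_do_table(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)` takes the table as an untyped `void *priv`, so the compiler no longer checks that the argument is a `struct xt_table *`. The same applies to `ebt_do_table()` in the ebtables header section that follows, where `struct ebt_table *table` becomes `void *priv`. The definitions are not on this page, so I would at least document the contract at each declaration, e.g. `/* priv: the struct xt_table this hook was registered for */` here and the `struct ebt_table` equivalent there. Presumably the value comes from the `priv` field of the registered `nf_hook_ops`; a mismatched pointer there would be cast silently and walked as a rule table, so the registration path is where the type should be verified.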
+2 −3
@@ -112,9 +112,8 @@ extern int ebt_register_table(struct net *net,
			      const struct nf_hook_ops *ops);
extern void ebt_unregister_table(struct net *net, const char *tablename);
void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);
extern unsigned int ebt_do_table(struct sk_buff *skb,
				 const struct nf_hook_state *state,
				 struct ebt_table *table);
extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
				 const struct nf_hook_state *state);

/* True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions */