Commit b87584cb authored by Jakub Kicinski's avatar Jakub Kicinski
Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

1) Fix sparse warning in the new nft_inner expression, reported
   by Jakub Kicinski.

2) Incorrect vlan header check in nft_inner, from Peng Wu.

3) Two patches to pass a reset boolean to the expression dump operation,
   in preparation for allowing stateful expressions in rules to be reset.
   This adds a new NFT_MSG_GETRULE_RESET command. From Phil Sutter.

4) Inconsistent indentation in nft_fib, from Jiapeng Chong.

5) Speed up siphash calculation in conntrack, from Florian Westphal.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: conntrack: use siphash_4u64
  netfilter: rpfilter/fib: clean up some inconsistent indenting
  netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET
  netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters
  netfilter: nft_inner: fix return value check in nft_inner_parse_l2l3()
  netfilter: nft_payload: use __be16 to store gre version
====================

Link: https://lore.kernel.org/r/20221115095922.139954-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 1ec6360d d2c806ab
+3 −2
@@ -383,7 +383,7 @@ int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla,
int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src);
void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr);
int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
		  const struct nft_expr *expr);
		  const struct nft_expr *expr, bool reset);
bool nft_expr_reduce_bitwise(struct nft_regs_track *track,
			     const struct nft_expr *expr);

@@ -927,7 +927,8 @@ struct nft_expr_ops {
	void				(*destroy_clone)(const struct nft_ctx *ctx,
							 const struct nft_expr *expr);
	int				(*dump)(struct sk_buff *skb,
						const struct nft_expr *expr);
						const struct nft_expr *expr,
						bool reset);
	int				(*validate)(const struct nft_ctx *ctx,
						    const struct nft_expr *expr,
						    const struct nft_data **data);
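Review bot: The `reset` argument added to the `(*dump)` callback in `struct nft_expr_ops` is undocumented, and the callback keeps `const struct nft_expr *expr` although the commit description says the flag exists to reset stateful expressions, so a dump with `reset` set is presumably no longer a read-only operation. I would state the contract at the member, e.g. `/* dump: write expr attributes to skb; if reset is true, a stateful expression also clears its state after reporting it */`, and name there the serialization a caller must provide for that write. The same applies to the `nft_expr_dump()` prototype in the first hunk and to the `nft_fib_dump`, `nft_meta_get_dump`, `nft_meta_set_dump` and `nft_reject_dump` prototypes in the other headers on this page. The struct definition starts and ends outside this hunk, so an existing kernel-doc block for it may be the better place for the text.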
+1 −1
@@ -18,7 +18,7 @@ nft_fib_is_loopback(const struct sk_buff *skb, const struct net_device *in)
	return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK;
}

int nft_fib_dump(struct sk_buff *skb, const struct nft_expr *expr);
int nft_fib_dump(struct sk_buff *skb, const struct nft_expr *expr, bool reset);
int nft_fib_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
		 const struct nlattr * const tb[]);
int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
+2 −2
@@ -24,10 +24,10 @@ int nft_meta_set_init(const struct nft_ctx *ctx,
		      const struct nlattr * const tb[]);

int nft_meta_get_dump(struct sk_buff *skb,
		      const struct nft_expr *expr);
		      const struct nft_expr *expr, bool reset);

int nft_meta_set_dump(struct sk_buff *skb,
		      const struct nft_expr *expr);
		      const struct nft_expr *expr, bool reset);

void nft_meta_get_eval(const struct nft_expr *expr,
		       struct nft_regs *regs,
+2 −1
@@ -22,7 +22,8 @@ int nft_reject_init(const struct nft_ctx *ctx,
		    const struct nft_expr *expr,
		    const struct nlattr * const tb[]);

int nft_reject_dump(struct sk_buff *skb, const struct nft_expr *expr);
int nft_reject_dump(struct sk_buff *skb,
		    const struct nft_expr *expr, bool reset);

int nft_reject_icmp_code(u8 code);
int nft_reject_icmpv6_code(u8 code);
+2 −0
@@ -97,6 +97,7 @@ enum nft_verdicts {
 * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes)
 * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes)
 * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes)
 * @NFT_MSG_GETRULE_RESET: get rules and reset stateful expressions (enum nft_obj_attributes)
 */
enum nf_tables_msg_types {
	NFT_MSG_NEWTABLE,
@@ -124,6 +125,7 @@ enum nf_tables_msg_types {
	NFT_MSG_NEWFLOWTABLE,
	NFT_MSG_GETFLOWTABLE,
	NFT_MSG_DELFLOWTABLE,
	NFT_MSG_GETRULE_RESET,
	NFT_MSG_MAX,
};
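Review bot: The kernel-doc line for `NFT_MSG_GETRULE_RESET` names `enum nft_obj_attributes`, which looks copied from an object-reset entry; a rule message would be expected to carry rule attributes, so I would write `@NFT_MSG_GETRULE_RESET: get rules and reset stateful expressions (enum nft_rule_attributes)` after checking it against the `NFT_MSG_GETRULE` entry, which lies outside this hunk. Separately, this is a GET-named message that modifies state, so its handler (not shown on this page) should be permission-checked and audit-logged like other state-changing requests rather than like a plain dump, because a reset erases values that accounting and monitoring may depend on. Appending the value directly before `NFT_MSG_MAX` keeps the existing message numbers stable, which is the right choice if this enum is visible to userspace, as it appears to be.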
