Commit c273a20c authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 

Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

1) Remove indirection and use nf_ct_get() instead from nfnetlink_log
   and nfnetlink_queue, from Florian Westphal.

2) Add weighted random twos choice least-connection scheduling for IPVS,
   from Darby Payne.

3) Add a __hash placeholder in the flow tuple structure to identify
   the field to be included in the rhashtable key hash calculation.

4) Add a new nft_parse_register_load() and nft_parse_register_store()
   to consolidate register load and store in the core.

5) Statify nft_parse_register() since it has no more module clients.

6) Remove redundant assignment in nft_cmp, from Colin Ian King.

* git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next:
  netfilter: nftables: remove redundant assignment of variable err
  netfilter: nftables: statify nft_parse_register()
  netfilter: nftables: add nft_parse_register_store() and use it
  netfilter: nftables: add nft_parse_register_load() and use it
  netfilter: flowtable: add hash offset field to tuple
  ipvs: add weighted random twos choice algorithm
  netfilter: ctnetlink: remove get_ct indirection
====================

Link: https://lore.kernel.org/r/20210206015005.23037-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 7274c414 626899a0

include/linux/netfilter.h

+0 −2
Original line number Diff line number Diff line
@@ -463,8 +463,6 @@ extern struct nf_ct_hook __rcu *nf_ct_hook; 
struct nlattr;



struct nfnl_ct_hook {

	struct nf_conn *(*get_ct)(const struct sk_buff *skb,

				  enum ip_conntrack_info *ctinfo);

	size_t (*build_size)(const struct nf_conn *ct);

	int (*build)(struct sk_buff *skb, struct nf_conn *ct,

		     enum ip_conntrack_info ctinfo,

include/net/netfilter/nf_flow_table.h

+4 −0
Original line number Diff line number Diff line
@@ -107,6 +107,10 @@ struct flow_offload_tuple { 


	u8				l3proto;

	u8				l4proto;



	/* All members above are keys for lookups, see flow_offload_hash(). */

	struct { }			__hash;



	u8				dir;



	u16				mtu;

include/net/netfilter/nf_tables.h

+5 −6
Original line number Diff line number Diff line
@@ -200,12 +200,11 @@ static inline enum nft_registers nft_type_to_reg(enum nft_data_types type) 
}



int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest);

unsigned int nft_parse_register(const struct nlattr *attr);

int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg);



int nft_validate_register_load(enum nft_registers reg, unsigned int len);

int nft_validate_register_store(const struct nft_ctx *ctx,

				enum nft_registers reg,

int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len);

int nft_parse_register_store(const struct nft_ctx *ctx,

			     const struct nlattr *attr, u8 *dreg,

			     const struct nft_data *data,

			     enum nft_data_types type, unsigned int len);

include/net/netfilter/nf_tables_core.h

+6 −6
Original line number Diff line number Diff line
@@ -26,21 +26,21 @@ void nf_tables_core_module_exit(void); 
struct nft_bitwise_fast_expr {

	u32			mask;

	u32			xor;

	enum nft_registers	sreg:8;

	enum nft_registers	dreg:8;

	u8			sreg;

	u8			dreg;

};



struct nft_cmp_fast_expr {

	u32			data;

	u32			mask;

	enum nft_registers	sreg:8;

	u8			sreg;

	u8			len;

	bool			inv;

};



struct nft_immediate_expr {

	struct nft_data		data;

	enum nft_registers	dreg:8;

	u8			dreg;

	u8			dlen;

};
@@ -60,14 +60,14 @@ struct nft_payload { 
	enum nft_payload_bases	base:8;

	u8			offset;

	u8			len;

	enum nft_registers	dreg:8;

	u8			dreg;

};



struct nft_payload_set {

	enum nft_payload_bases	base:8;

	u8			offset;

	u8			len;

	enum nft_registers	sreg:8;

	u8			sreg;

	u8			csum_type;

	u8			csum_offset;

	u8			csum_flags;

include/net/netfilter/nft_fib.h

+1 −1
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
#include <net/netfilter/nf_tables.h>



struct nft_fib {

	enum nft_registers	dreg:8;

	u8			dreg;

	u8			result;

	u32			flags;

};