mirror of
https://github.com/torvalds/linux.git
synced 2024-11-17 17:41:44 +00:00
d639feaaf3
Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter updates for your net-next tree, mostly ipset improvements and enhancements features, they are: * Don't call ip_nest_end needlessly in the error path from me, suggested by Pablo Neira Ayuso, from Jozsef Kadlecsik. * Fixed sparse warnings about shadowed variable and missing rcu annotation and fix of "may be used uninitialized" warnings, also from Jozsef. * Renamed simple macro names to avoid namespace issues, reported by David Laight, again from Jozsef. * Use fix sized type for timeout in the extension part, and cosmetic ordering of matches and targets separatedly in xt_set.c, from Jozsef. * Support package fragments for IPv4 protos without ports from Anders K. Pedersen. For example this allows a hash:ip,port ipset containing the entry 192.168.0.1,gre:0 to match all package fragments for PPTP VPN tunnels to/from the host. Without this patch only the first package fragment (with fragment offset 0) was matched. * Introduced a new operation to get both setname and family, from Jozsef. ip[6]tables set match and SET target need to know the family of the set in order to reject adding rules which refer to a set with a non-mathcing family. Currently such rules are silently accepted and then ignored instead of generating an error message to the user. * Reworked extensions support in ipset types from Jozsef. The approach of defining structures with all variations is not manageable as the number of extensions grows. Therefore a blob for the extensions is introduced, somewhat similar to conntrack. The support of extensions which need a per data destroy function is added as well. * When an element timed out in a list:set type of set, the garbage collector skipped the checking of the next element. So the purging was delayed to the next run of the gc, fixed by Jozsef. * A small Kconfig fix: NETFILTER_NETLINK cannot be selected and ipset requires it. * hash:net,net type from Oliver Smith. The type provides the ability to store pairs of subnets in a set. * Comment for ipset entries from Oliver Smith. This makes possible to annotate entries in a set with comments, for example: ipset n foo hash:net,net comment ipset a foo 10.0.0.0/21,192.168.1.0/24 comment "office nets A and B" * Fix of hash types resizing with comment extension from Jozsef. * Fix of new extensions for list:set type when an element is added into a slot from where another element was pushed away from Jozsef. * Introduction of a common function for the listing of the element extensions from Jozsef. * Net namespace support for ipset from Vitaly Lavrov. * hash:net,port,net type from Oliver Smith, which makes possible to store the triples of two subnets and a protocol, port pair in a set. * Get xt_TCPMSS working with net namespace, by Gao feng. * Use the proper net netnamespace to allocate skbs, also by Gao feng. * A couple of cleanups for the conntrack SIP helper, by Holger Eitzenberger. * Extend cttimeout to allow setting default conntrack timeouts via nfnetlink, so we can get rid of all our sysctl/proc interfaces in the future for timeout tuning, from me. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| ipset | ||
| ipvs | ||
| core.c | ||
| Kconfig | ||
| Makefile | ||
| nf_conntrack_acct.c | ||
| nf_conntrack_amanda.c | ||
| nf_conntrack_broadcast.c | ||
| nf_conntrack_core.c | ||
| nf_conntrack_ecache.c | ||
| nf_conntrack_expect.c | ||
| nf_conntrack_extend.c | ||
| nf_conntrack_ftp.c | ||
| nf_conntrack_h323_asn1.c | ||
| nf_conntrack_h323_main.c | ||
| nf_conntrack_h323_types.c | ||
| nf_conntrack_helper.c | ||
| nf_conntrack_irc.c | ||
| nf_conntrack_l3proto_generic.c | ||
| nf_conntrack_labels.c | ||
| nf_conntrack_netbios_ns.c | ||
| nf_conntrack_netlink.c | ||
| nf_conntrack_pptp.c | ||
| nf_conntrack_proto_dccp.c | ||
| nf_conntrack_proto_generic.c | ||
| nf_conntrack_proto_gre.c | ||
| nf_conntrack_proto_sctp.c | ||
| nf_conntrack_proto_tcp.c | ||
| nf_conntrack_proto_udp.c | ||
| nf_conntrack_proto_udplite.c | ||
| nf_conntrack_proto.c | ||
| nf_conntrack_sane.c | ||
| nf_conntrack_seqadj.c | ||
| nf_conntrack_sip.c | ||
| nf_conntrack_snmp.c | ||
| nf_conntrack_standalone.c | ||
| nf_conntrack_tftp.c | ||
| nf_conntrack_timeout.c | ||
| nf_conntrack_timestamp.c | ||
| nf_internals.h | ||
| nf_log.c | ||
| nf_nat_amanda.c | ||
| nf_nat_core.c | ||
| nf_nat_ftp.c | ||
| nf_nat_helper.c | ||
| nf_nat_irc.c | ||
| nf_nat_proto_common.c | ||
| nf_nat_proto_dccp.c | ||
| nf_nat_proto_sctp.c | ||
| nf_nat_proto_tcp.c | ||
| nf_nat_proto_udp.c | ||
| nf_nat_proto_udplite.c | ||
| nf_nat_proto_unknown.c | ||
| nf_nat_sip.c | ||
| nf_nat_tftp.c | ||
| nf_queue.c | ||
| nf_sockopt.c | ||
| nf_synproxy_core.c | ||
| nfnetlink_acct.c | ||
| nfnetlink_cthelper.c | ||
| nfnetlink_cttimeout.c | ||
| nfnetlink_log.c | ||
| nfnetlink_queue_core.c | ||
| nfnetlink_queue_ct.c | ||
| nfnetlink.c | ||
| x_tables.c | ||
| xt_addrtype.c | ||
| xt_AUDIT.c | ||
| xt_bpf.c | ||
| xt_CHECKSUM.c | ||
| xt_CLASSIFY.c | ||
| xt_cluster.c | ||
| xt_comment.c | ||
| xt_connbytes.c | ||
| xt_connlabel.c | ||
| xt_connlimit.c | ||
| xt_connmark.c | ||
| xt_CONNSECMARK.c | ||
| xt_conntrack.c | ||
| xt_cpu.c | ||
| xt_CT.c | ||
| xt_dccp.c | ||
| xt_devgroup.c | ||
| xt_dscp.c | ||
| xt_DSCP.c | ||
| xt_ecn.c | ||
| xt_esp.c | ||
| xt_hashlimit.c | ||
| xt_helper.c | ||
| xt_hl.c | ||
| xt_HL.c | ||
| xt_HMARK.c | ||
| xt_IDLETIMER.c | ||
| xt_iprange.c | ||
| xt_ipvs.c | ||
| xt_LED.c | ||
| xt_length.c | ||
| xt_limit.c | ||
| xt_LOG.c | ||
| xt_mac.c | ||
| xt_mark.c | ||
| xt_multiport.c | ||
| xt_nat.c | ||
| xt_NETMAP.c | ||
| xt_nfacct.c | ||
| xt_NFLOG.c | ||
| xt_NFQUEUE.c | ||
| xt_osf.c | ||
| xt_owner.c | ||
| xt_physdev.c | ||
| xt_pkttype.c | ||
| xt_policy.c | ||
| xt_quota.c | ||
| xt_rateest.c | ||
| xt_RATEEST.c | ||
| xt_realm.c | ||
| xt_recent.c | ||
| xt_REDIRECT.c | ||
| xt_repldata.h | ||
| xt_sctp.c | ||
| xt_SECMARK.c | ||
| xt_set.c | ||
| xt_socket.c | ||
| xt_state.c | ||
| xt_statistic.c | ||
| xt_string.c | ||
| xt_tcpmss.c | ||
| xt_TCPMSS.c | ||
| xt_TCPOPTSTRIP.c | ||
| xt_tcpudp.c | ||
| xt_TEE.c | ||
| xt_time.c | ||
| xt_TPROXY.c | ||
| xt_TRACE.c | ||
| xt_u32.c | ||