| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220411102744.282101-1-pablo@netfilter.org>
Date: Mon, 11 Apr 2022 12:27:33 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org
Subject: [PATCH net-next 00/11] Netfilter updates for net-next
Hi,
The following patchset contains Netfilter updates for net-next:
1) Replace unnecessary list_for_each_entry_continue() in nf_tables,
from Jakob Koschel.
2) Add struct nf_conntrack_net_ecache to conntrack event cache and
use it, from Florian Westphal.
3) Refactor ctnetlink_dump_list(), also from Florian.
4) Bump module reference counter on cttimeout object addition/removal,
from Florian.
5) Consolidate nf_log MAC printer, from Phil Sutter.
6) Add basic logging support for unknown ethertype, from Phil Sutter.
7) Consolidate check for sysctl nf_log_all_netns toggle, also from Phil.
8) Replace hardcode value in nft_bitwise, from Jeremy Sowden.
9) Rename BASIC-like goto tags in nft_bitwise to more meaningful names,
also from Jeremy.
10) nft_fib support for reverse path filtering with policy-based routing
on iif. Extend selftests to cover for this new usecase, from Florian.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git
Thanks.
----------------------------------------------------------------
The following changes since commit 2975dbdc3989cd66a4cb5a7c5510de2de8ee4d14:
Merge tag 'net-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2022-03-31 11:23:31 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git HEAD
for you to fetch changes up to 0c7b27616fbd64b3b86c59ad5441f82a1a0c4176:
selftests: netfilter: add fib expression forward test case (2022-04-11 12:10:09 +0200)
----------------------------------------------------------------
Florian Westphal (4):
netfilter: ecache: move to separate structure
netfilter: conntrack: split inner loop of list dumping to own function
netfilter: cttimeout: inc/dec module refcount per object, not per use refcount
selftests: netfilter: add fib expression forward test case
Jakob Koschel (1):
netfilter: nf_tables: replace unnecessary use of list_for_each_entry_continue()
Jeremy Sowden (2):
netfilter: bitwise: replace hard-coded size with `sizeof` expression
netfilter: bitwise: improve error goto labels
Pablo Neira Ayuso (1):
netfilter: nft_fib: reverse path filter for policy-based routing on iif
Phil Sutter (3):
netfilter: nf_log_syslog: Merge MAC header dumpers
netfilter: nf_log_syslog: Don't ignore unknown protocols
netfilter: nf_log_syslog: Consolidate entry checks
include/net/netfilter/nf_conntrack.h | 8 +-
net/ipv4/netfilter/nft_fib_ipv4.c | 4 +
net/ipv6/netfilter/nft_fib_ipv6.c | 4 +
net/netfilter/nf_conntrack_ecache.c | 19 ++--
net/netfilter/nf_conntrack_netlink.c | 68 +++++++++-----
net/netfilter/nf_log_syslog.c | 136 +++++++++++++--------------
net/netfilter/nf_tables_api.c | 6 +-
net/netfilter/nfnetlink_cttimeout.c | 14 +--
net/netfilter/nft_bitwise.c | 13 +--
net/netfilter/nft_fib.c | 4 +
tools/testing/selftests/netfilter/nft_fib.sh | 50 ++++++++++
11 files changed, 199 insertions(+), 127 deletions(-)
Powered by blists - more mailing lists