[net-next,0/8] Netfilter updates for net-next

Message ID 20201104141149.30082-1-pablo@netfilter.org (mailing list archive)
State Not Applicable
Delegated to: Netdev Maintainers

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

Message

Pablo Neira Ayuso Nov. 4, 2020, 2:11 p.m. UTC
Hi,

The following patchset contains Netfilter updates for net-next:

1) Move existing bridge packet reject infra to nf_reject_{ipv4,ipv6}.c
   from Jose M. Guisado.

2) Consolidate nft_reject_inet initialization and dump, also from Jose.

3) Add the netdev reject action, from Jose.

4) Allow to combine the exist flag and the destroy command in ipset,
   from Jozsef Kadlecsik.

5) Expose bucket size parameter for hashtables, also from Jozsef.

6) Expose the init value for reproducible ipset listings, from Jozsef.

7) Use __printf attribute in nft_request_module, from Andrew Lunn.

8) Allow to use reject from the inet ingress chain.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks.

----------------------------------------------------------------

The following changes since commit 37d38ece9b898ea183db9e5a6582651e6ed64c9a:

  net/mac8390: discard unnecessary breaks (2020-10-29 19:03:46 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 117ca1f8920cf4087bf82f44bd2a51b49d6aae63:

  netfilter: nft_reject_inet: allow to use reject from inet ingress (2020-11-01 12:52:17 +0100)

----------------------------------------------------------------
Andrew Lunn (1):
      netfilter: nftables: Add __printf() attribute

Jose M. Guisado Gomez (3):
      netfilter: nf_reject: add reject skbuff creation helpers
      netfilter: nft_reject: unify reject init and dump into nft_reject
      netfilter: nft_reject: add reject verdict support for netdev

Jozsef Kadlecsik (3):
      netfilter: ipset: Support the -exist flag with the destroy command
      netfilter: ipset: Add bucketsize parameter to all hash types
      netfilter: ipset: Expose the initval hash parameter to userspace

Pablo Neira Ayuso (1):
      netfilter: nft_reject_inet: allow to use reject from inet ingress

 include/linux/netfilter/ipset/ip_set.h       |   5 +
 include/net/netfilter/ipv4/nf_reject.h       |  10 ++
 include/net/netfilter/ipv6/nf_reject.h       |   9 +
 include/uapi/linux/netfilter/ipset/ip_set.h  |   6 +-
 net/bridge/netfilter/Kconfig                 |   2 +-
 net/bridge/netfilter/nft_reject_bridge.c     | 255 +--------------------------
 net/ipv4/netfilter/nf_reject_ipv4.c          | 128 +++++++++++++-
 net/ipv6/netfilter/nf_reject_ipv6.c          | 139 ++++++++++++++-
 net/netfilter/Kconfig                        |  10 ++
 net/netfilter/Makefile                       |   1 +
 net/netfilter/ipset/ip_set_core.c            |   6 +-
 net/netfilter/ipset/ip_set_hash_gen.h        |  45 +++--
 net/netfilter/ipset/ip_set_hash_ip.c         |   7 +-
 net/netfilter/ipset/ip_set_hash_ipmac.c      |   6 +-
 net/netfilter/ipset/ip_set_hash_ipmark.c     |   7 +-
 net/netfilter/ipset/ip_set_hash_ipport.c     |   7 +-
 net/netfilter/ipset/ip_set_hash_ipportip.c   |   7 +-
 net/netfilter/ipset/ip_set_hash_ipportnet.c  |   7 +-
 net/netfilter/ipset/ip_set_hash_mac.c        |   6 +-
 net/netfilter/ipset/ip_set_hash_net.c        |   7 +-
 net/netfilter/ipset/ip_set_hash_netiface.c   |   7 +-
 net/netfilter/ipset/ip_set_hash_netnet.c     |   7 +-
 net/netfilter/ipset/ip_set_hash_netport.c    |   7 +-
 net/netfilter/ipset/ip_set_hash_netportnet.c |   7 +-
 net/netfilter/nf_tables_api.c                |   3 +-
 net/netfilter/nft_reject.c                   |  12 +-
 net/netfilter/nft_reject_inet.c              |  68 ++-----
 net/netfilter/nft_reject_netdev.c            | 189 ++++++++++++++++++++
 28 files changed, 615 insertions(+), 355 deletions(-)
 create mode 100644 net/netfilter/nft_reject_netdev.c

Comments

Jakub Kicinski Nov. 5, 2020, 2:18 a.m. UTC | #1
On Wed,  4 Nov 2020 15:11:41 +0100 Pablo Neira Ayuso wrote:
> 1) Move existing bridge packet reject infra to nf_reject_{ipv4,ipv6}.c
>    from Jose M. Guisado.
> 
> 2) Consolidate nft_reject_inet initialization and dump, also from Jose.
> 
> 3) Add the netdev reject action, from Jose.
> 
> 4) Allow to combine the exist flag and the destroy command in ipset,
>    from Jozsef Kadlecsik.
> 
> 5) Expose bucket size parameter for hashtables, also from Jozsef.
> 
> 6) Expose the init value for reproducible ipset listings, from Jozsef.
> 
> 7) Use __printf attribute in nft_request_module, from Andrew Lunn.
> 
> 8) Allow to use reject from the inet ingress chain.

Pulled, thanks!