1. 21 Jan, 2018 2 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · cbcbeedb
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for your net-next
      tree. Basically, a new extension for ip6tables, simplification work of
      nf_tables that saves us 500 LoC, allow raw table registration before
      defragmentation, conversion of the SNMP helper to use the ASN.1 code
      generator, unique 64-bit handle for all nf_tables objects and fixes to
      address fallout from previous nf-next batch.  More specifically, they
      are:
      
      1) Seven patches to remove family abstraction layer (struct nft_af_info)
         in nf_tables, this simplifies our codebase and it saves us 64 bytes per
         net namespace.
      
      2) Add IPv6 segment routing header matching for ip6tables, from Ahmed
         Abdelsalam.
      
      3) Allow to register iptable_raw table before defragmentation, some
         people do not want to waste cycles on defragmenting traffic that is
         going to be dropped, hence add a new module parameter to enable this
         behaviour in iptables and ip6tables. From Subash Abhinov
         Kasiviswanathan. This patch needed a couple of follow up patches to
         get things tidy from Arnd Bergmann.
      
      4) SNMP helper uses the ASN.1 code generator, from Taehee Yoo. Several
         patches for this helper to prepare this change are also part of this
         patch series.
      
      5) Add 64-bit handles to uniquely objects in nf_tables, from Harsha
         Sharma.
      
      6) Remove log message that several netfilter subsystems print at
         boot/load time.
      
      7) Restore x_tables module autoloading, that got broken in a previous
         patch to allow singleton NAT hook callback registration per hook
         spot, from Florian Westphal. Moreover, return EBUSY to report that
         the singleton NAT hook slot is already in instead.
      
      8) Several fixes for the new nf_tables flowtable representation,
         including incorrect error check after nf_tables_flowtable_lookup(),
         missing Kconfig dependencies that lead to build breakage and missing
         initialization of priority and hooknum in flowtable object.
      
      9) Missing NETFILTER_FAMILY_ARP dependency in Kconfig for the clusterip
         target. This is due to recent updates in the core to shrink the hook
         array size and compile it out if no specific family is enabled via
         .config file. Patch from Florian Westphal.
      
      10) Remove duplicated include header files, from Wei Yongjun.
      
      11) Sparse warning fix for the NFPROTO_INET handling from the core
          due to missing static function definition, also from Wei Yongjun.
      
      12) Restore ICMPv6 Parameter Problem error reporting when
          defragmentation fails, from Subash Abhinov Kasiviswanathan.
      
      13) Remove obsolete owner field initialization from struct
          file_operations, patch from Alexey Dobriyan.
      
      14) Use boolean datatype where needed in the Netfilter codebase, from
          Gustavo A. R. Silva.
      
      15) Remove double semicolon in dynset nf_tables expression, from
          Luis de Bethencourt.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cbcbeedb
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · ea9722e2
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf-next 2018-01-19
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      The main changes are:
      
      1) bpf array map HW offload, from Jakub.
      
      2) support for bpf_get_next_key() for LPM map, from Yonghong.
      
      3) test_verifier now runs loaded programs, from Alexei.
      
      4) xdp cpumap monitoring, from Jesper.
      
      5) variety of tests, cleanups and small x64 JIT optimization, from Daniel.
      
      6) user space can now retrieve HW JITed program, from Jiong.
      
      Note there is a minor conflict between Russell's arm32 JIT fixes
      and removal of bpf_jit_enable variable by Daniel which should
      be resolved by keeping Russell's comment and removing that variable.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ea9722e2
  2. 20 Jan, 2018 12 commits
  3. 19 Jan, 2018 26 commits