1. 16 Mar, 2016 9 commits
  2. 15 Mar, 2016 2 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 1cdba550
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS/OVS updates for net-next
      
      The following patchset contains Netfilter/IPVS fixes and OVS NAT
      support, more specifically this batch is composed of:
      
      1) Fix a crash in ipset when performing a parallel flush/dump with
         set:list type, from Jozsef Kadlecsik.
      
      2) Make sure NFACCT_FILTER_* netlink attributes are in place before
         accessing them, from Phil Turnbull.
      
      3) Check return error code from ip_vs_fill_iph_skb_off() in IPVS SIP
         helper, from Arnd Bergmann.
      
      4) Add workaround to IPVS to reschedule existing connections to new
         destination server by dropping the packet and waiting for
         retransmission of the TCP SYN packet, from Julian Anastasov.
      
      5) Allow connection rescheduling in IPVS when in CLOSE state, also
         from Julian.
      
      6) Fix wrong offset of SIP Call-ID in IPVS helper, from Marco Angaroni.
      
      7) Validate IPSET_ATTR_ETHER netlink attribute length, from Jozsef.
      
      8) Check match/targetinfo netlink attribute size in nft_compat,
         patch from Florian Westphal.
      
      9) Check for integer overflow on 32-bit systems in x_tables, from
         Florian Westphal.
      
      Several patches from Jarno Rajahalme to prepare the introduction of
      NAT support to OVS based on the Netfilter infrastructure:
      
      10) Schedule IP_CT_NEW_REPLY definition for removal in
          nf_conntrack_common.h.
      
      11) Simplify checksumming recalculation in nf_nat.
      
      12) Add comments to the openvswitch conntrack code, from Jarno.
      
      13) Update the CT state key only after successful nf_conntrack_in()
          invocation.
      
      14) Find existing conntrack entry after upcall.
      
      15) Handle NF_REPEAT case due to templates in nf_conntrack_in().
      
      16) Call the conntrack helper functions once the conntrack has been
          confirmed.
      
      17) And finally, add the NAT interface to OVS.
      
      The batch closes with:
      
      18) Cleanup to use spin_unlock_wait() instead of
          spin_lock()/spin_unlock(), from Nicholas Mc Guire.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netfilter: nf_conntrack: consolidate lock/unlock into unlock_wait · e39365be
      Nicholas Mc Guire authored
      The spin_lock()/spin_unlock() is synchronizing on the
      nf_conntrack_locks_all_lock which is equivalent to
      spin_unlock_wait() but the latter should be more efficient.
      Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  3. 14 Mar, 2016 29 commits