[PATCH 00/18] netfilter updates for net-next (upcoming 3.6), batch 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

Hi David,

The following patchset includes Netfilter updates for your net-next tree,
more specifically:

* Updates to clean-up the sysctl namespace support for nf_conntrack
  from Gao Feng and a couple of patches from myself. After these, we
  can prepare follow-up patches to reduce ifdef pollution regarding
  sysctl support in nf_conntrack_proto_*.c files.

* Check for invalid flags set via NFQA_CFG_FLAGS in nfnetlink_queue
  from Krishna Kumar.

* Allow to obtain conntrack statistics via ctnetlink from mysqlf. This
  supersedes /proc/net/stat/nf_conntrack and
  /proc/sys/net/netfilter/nf_conntrack_count.

* Don't crash if we send a message to nfnetlink and there is not defined
  callback to handle such message. Instead, nfnetlink returns -EINVAL from
  Tomasz Bursztyka. This one does not really fix anything now, that's
  why I'm passing this via net-next.

You can pull these changes from:

git://1984.lsi.us.es/nf-next master

Thanks!

Gao feng (13):
  netfilter: nf_conntrack: fix nf_conntrack_l3proto_register
  netfilter: nf_conntrack: prepare l4proto->init_net cleanup
  netfilter: nf_conntrack: add nf_ct_kfree_compat_sysctl_table
  netfilter: nf_conntrack: use l4proto->users as refcount for per-net data
  netfilter: nf_conntrack: fix memory leak if sysctl registration fails
  netfilter: nf_ct_tcp: merge tcpv[4,6]_net_init into tcp_net_init
  netfilter: nf_ct_udp: merge udpv[4,6]_net_init into udp_net_init
  netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function
  netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init
  netfilter: nf_ct_generic: add generic_kmemdup_sysctl_table function
  netfilter: nf_ct_dccp: add dccp_kmemdup_sysctl_table function
  netfilter: nf_ct_icmp: add icmp_kmemdup[_compat]_sysctl_table function
  netfilter: nf_ct_icmpv6: add icmpv6_kmemdup_sysctl_table function

Krishna Kumar (1):
  netfilter: nfnetlink_queue: do not allow to set unsupported flag bits

Pablo Neira Ayuso (3):
  netfilter: ctnetlink: add new messages to obtain statistics
  netfilter: nf_conntrack: generalize nf_ct_l4proto_net
  netfilter: nf_ct_tcp: missing per-net support for cttimeout

Tomasz Bursztyka (1):
  netfilter: nfnetlink: check callbacks before using those in nfnetlink_rcv_msg

 include/linux/netfilter/nfnetlink_conntrack.h  |   38 ++++
 include/linux/netfilter/nfnetlink_queue.h      |    1 +
 include/net/netfilter/nf_conntrack_l4proto.h   |   13 +-
 net/ipv4/netfilter/nf_conntrack_proto_icmp.c   |   47 ++++-
 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |   23 ++-
 net/netfilter/nf_conntrack_netlink.c           |  227 +++++++++++++++++++++++-
 net/netfilter/nf_conntrack_proto.c             |  139 ++++++++-------
 net/netfilter/nf_conntrack_proto_dccp.c        |   56 +++---
 net/netfilter/nf_conntrack_proto_generic.c     |   45 ++++-
 net/netfilter/nf_conntrack_proto_gre.c         |    2 +-
 net/netfilter/nf_conntrack_proto_sctp.c        |   65 +++----
 net/netfilter/nf_conntrack_proto_tcp.c         |   74 +++-----
 net/netfilter/nf_conntrack_proto_udp.c         |   66 +++----
 net/netfilter/nf_conntrack_proto_udplite.c     |   43 +++--
 net/netfilter/nfnetlink.c                      |    4 +-
 net/netfilter/nfnetlink_queue_core.c           |    5 +
 16 files changed, 591 insertions(+), 257 deletions(-)

-- 
1.7.10

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux