Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net (v2)

The following patchset contains Netfilter fixes for net:

1) Move back the defrag users fields to the global netns_nf area.
   Kernel fails to boot if conntrack is builtin and kernel is booted
   with: nf_conntrack.enable_hooks=1. From Florian Westphal.

2) Rule event notification is missing relevant context such as
   the position handle and the NLM_F_APPEND flag.

3) Rule replacement is expanded to add + delete using the existing
   rule handle, reverse order of this operation so it makes sense
   from rule notification standpoint.

4) Propagate to userspace the NLM_F_CREATE and NLM_F_EXCL flags
   from the rule notification path.

Patches #2, #3 and #4 are used by 'nft monitor' and 'iptables-monitor'
userspace utilities which are not correctly representing the following
operations through netlink notifications:

- rule insertions
- rule addition/insertion from position handle
- create table/chain/set/map/flowtable/...

====================

Signed-off-by: David S. Miller <davem@davemloft.net>
- include/net/netfilter/ipv6/nf_defrag_ipv6.h: 0 additions, 1 deletion
- include/net/netfilter/nf_tables.h: 1 addition, 1 deletion
- include/net/netns/netfilter.h: 6 additions, 0 deletions
- net/ipv4/netfilter/nf_defrag_ipv4.c: 9 additions, 21 deletions
- net/ipv6/netfilter/nf_conntrack_reasm.c: 1 addition, 1 deletion
- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c: 9 additions, 16 deletions
- net/netfilter/nf_tables_api.c: 64 additions, 27 deletions
- net/netfilter/nft_quota.c: 1 addition, 1 deletion