Hi Pablo,
Please consider to pull the next patches for nf-next:
- Introduction of new commands and thus protocol version 7. The
new commands makes possible to eliminate the getsockopt interface
of ipset and use solely netlink to communicate with the kernel.
Due to the strict attribute checking both in user/kernel space,
a new protocol number was introduced. Both the kernel/userspace is
fully backward compatible.
- Make invalid MAC address checks consisten, from Stefano Brivio.
The patch depends on the next one.
- Allow matching on destination MAC address for mac and ipmac sets,
also from Stefano Brivio.
Best regards,
Jozsef
The following changes since commit af510ebd8913bee016492832f532ed919b51c09c:
Revert "netfilter: xt_quota: fix the behavior of xt_quota module" (2018-10-19 14:00:34 +0200)
are available in the git repository at:
git://blackhole.kfki.hu/nf-next 23c42a403a9cfdbad6
for you to fetch changes up to 23c42a403a9cfdbad6004a556c927be7dd61a8ee:
netfilter: ipset: Introduction of new commands and protocol version 7 (2018-10-27 15:49:09 +0200)
----------------------------------------------------------------
Jozsef Kadlecsik (1):
netfilter: ipset: Introduction of new commands and protocol version 7
Stefano Brivio (2):
netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
netfilter: ipset: Make invalid MAC address checks consistent
include/linux/netfilter/ipset/ip_set.h | 2 +-
include/uapi/linux/netfilter/ipset/ip_set.h | 19 ++--
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 13 ++-
net/netfilter/ipset/ip_set_core.c | 164 +++++++++++++++++++++++++---
net/netfilter/ipset/ip_set_hash_ipmac.c | 27 ++---
net/netfilter/ipset/ip_set_hash_mac.c | 10 +-
6 files changed, 187 insertions(+), 48 deletions(-)
