Hi,
The following patchset contains Netfilter updates for net-next
to extend ctnetlink and the flowtable infrastructure:
1) Extend ctnetlink kernel side netlink dump filtering capabilities,
from Romain Bellan.
2) Generalise the flowtable hook parser to take a hook list.
3) Pass a hook list to the flowtable hook registration/unregistration.
4) Add a helper function to release the flowtable hook list.
5) Update the flowtable event notifier to pass a flowtable hook list.
6) Allow users to add new devices to an existing flowtables.
7) Allow users to remove devices to an existing flowtables.
8) Allow for registering a flowtable with no initial devices.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thank you!
----------------------------------------------------------------
The following changes since commit 626a83238e6a63d88a5b5291febe797b244b5f18:
net: dsa: felix: accept VLAN config regardless of bridge VLAN awareness state (2020-05-27 11:39:58 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 5b6743fb2c2a1fcb31c8b227558f537095dbece4:
netfilter: nf_tables: skip flowtable hooknum and priority on device updates (2020-05-27 22:20:35 +0200)
----------------------------------------------------------------
Pablo Neira Ayuso (8):
netfilter: nf_tables: generalise flowtable hook parsing
netfilter: nf_tables: pass hook list to nft_{un,}register_flowtable_net_hooks()
netfilter: nf_tables: add nft_flowtable_hooks_destroy()
netfilter: nf_tables: pass hook list to flowtable event notifier
netfilter: nf_tables: add devices to existing flowtable
netfilter: nf_tables: delete devices from flowtable
netfilter: nf_tables: allow to register flowtable with no devices
netfilter: nf_tables: skip flowtable hooknum and priority on device updates
Romain Bellan (1):
netfilter: ctnetlink: add kernel side filtering for dump
include/net/netfilter/nf_conntrack_l4proto.h | 6 +-
include/net/netfilter/nf_tables.h | 7 +
include/uapi/linux/netfilter/nfnetlink_conntrack.h | 9 +
net/netfilter/nf_conntrack_core.c | 19 +-
net/netfilter/nf_conntrack_netlink.c | 334 ++++++++++++++++++---
net/netfilter/nf_conntrack_proto_icmp.c | 40 ++-
net/netfilter/nf_conntrack_proto_icmpv6.c | 42 ++-
net/netfilter/nf_internals.h | 17 ++
net/netfilter/nf_tables_api.c | 333 ++++++++++++++++----
9 files changed, 670 insertions(+), 137 deletions(-)
