Hi,
The following patchset contains Netfilter fixes for net:
1) Flush the cleanup xtables worker to make sure destructors
have completed, from Florian Westphal.
2) iifgroup is matching erroneously, also from Florian.
3) Add selftest for meta interface matching, from Florian Westphal.
4) Move nf_ct_offload_timeout() to header, from Roi Dayan.
5) Call nf_ct_offload_timeout() from flow_offload_add() to
make sure garbage collection does not evict offloaded flow,
from Roi Dayan.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you!
----------------------------------------------------------------
The following changes since commit 85496a29224188051b6135eb38da8afd4c584765:
net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (2020-07-30 17:45:13 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 4203b19c27967d9eff6928f6a733f81892ffc592:
netfilter: flowtable: Set offload timeout when adding flow (2020-08-03 12:37:24 +0200)
----------------------------------------------------------------
Florian Westphal (3):
netfilter: nft_compat: make sure xtables destructors have run
netfilter: nft_meta: fix iifgroup matching
selftests: netfilter: add meta iif/oif match test
Roi Dayan (2):
netfilter: conntrack: Move nf_ct_offload_timeout to header file
netfilter: flowtable: Set offload timeout when adding flow
include/net/netfilter/nf_conntrack.h | 12 +++
include/net/netfilter/nf_tables.h | 2 +
net/netfilter/nf_conntrack_core.c | 12 ---
net/netfilter/nf_flow_table_core.c | 2 +
net/netfilter/nf_tables_api.c | 10 ++-
net/netfilter/nft_compat.c | 36 +++++++-
net/netfilter/nft_meta.c | 2 +-
tools/testing/selftests/netfilter/Makefile | 2 +-
tools/testing/selftests/netfilter/nft_meta.sh | 124 ++++++++++++++++++++++++++
9 files changed, 182 insertions(+), 20 deletions(-)
create mode 100755 tools/testing/selftests/netfilter/nft_meta.sh
