summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tipc: remove node subscription infrastructureYing Xue2014-11-269-179/+56
| | | | | | | | | | | | | | | The node subscribe infrastructure represents a virtual base class, so its users, such as struct tipc_port and struct publication, can derive its implemented functionalities. However, after the removal of struct tipc_port, struct publication is left as its only single user now. So defining an abstract infrastructure for one user becomes no longer reasonable. If corresponding new functions associated with the infrastructure are moved to name_table.c file, the node subscription infrastructure can be removed as well. Signed-off-by: Ying Xue <ying.xue@windriver.com> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: Remove unnecessary testzhuyj2014-11-261-4/+2
| | | | | | | | | | | | | | | | The "init_net" test in function addrconf_exit_net is introduced in commit 44a6bd29 [Create ipv6 devconf-s for namespaces] to avoid freeing init_net. In commit c900a800 [ipv6: fix bad free of addrconf_init_net], function addrconf_init_net will allocate memory for every net regardless of init_net. In this case, it is unnecessary to make "init_net" test. CC: Hong Zhiguo <honkiko@gmail.com> CC: Octavian Purdila <opurdila@ixiacom.com> CC: Pavel Emelyanov <xemul@openvz.org> CC: Cong Wang <cwang@twopensource.com> Suggested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Zhu Yanjun <Yanjun.Zhu@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'remcsum_adjust'David S. Miller2014-11-262-67/+33
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tom Herbert says: ==================== gue: Generalize remote checksum offload The remote checksum offload is generalized by creating a common function (remcsum_adjust) that does the work of modifying the checksum in remote checksum offload. This function can be called from normal or GRO path. GUE was modified to use this function. Remote checksum offload is described in https://tools.ietf.org/html/draft-herbert-remotecsumoffload-01 Tested by running 200 TCP_STREAM connections over GUE, did not see any problems with remote checksum offload enabled. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * gue: Call remcsum_adjustTom Herbert2014-11-261-67/+17
| | | | | | | | | | | | | | | | | | Change remote checksum offload to call remcsum_adjust. This also eliminates the optimization to skip an IP header as part of the adjustment (really does not seem to be much of a win). Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * net: Add remcsum_adjust as common function for remote checksum offloadTom Herbert2014-11-261-0/+16
|/ | | | | | | | | | | | | | | | | This function does the work to update a checksum field as part of remote checksum offload. remcsum_adjust does the following: 1) Subtract out the calculated checksum from the beginning of the packet (ptr arg) to the start offset. 2) Adjust the checksum field indicated by offset based on the modified checksum value from above step. 3) Return the difference in the old checksum field value and the new one. The caller will use this to update skb->csum and NAPI csum. Signed-off-by: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* pkt_sched: fq: increase max delay from 125 ms to one secondEric Dumazet2014-11-261-5/+4
| | | | | | | | | | | | | | FQ/pacing has a clamp of delay of 125 ms, to avoid some possible harm. It turns out this delay is too small to allow pacing low rates : Some ISP setup very aggressive policers as low as 16kbit. Now TCP stack has spurious rtx prevention, it seems safe to increase this fixed parameter, without adding a qdisc attribute. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'for-davem' of ↵David S. Miller2014-11-2668-466/+343
|\ | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs More work from Al Viro to move away from modifying iovecs by using iov_iter instead. Signed-off-by: David S. Miller <davem@davemloft.net>
| * rds: switch rds_message_copy_from_user() to iov_iterAl Viro2014-11-243-33/+16
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * rds: switch ->inc_copy_to_user() to passing iov_iterAl Viro2014-11-249-120/+47
| | | | | | | | | | | | instances get considerably simpler from that... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * [atm] switch vcc_sendmsg() to copy_from_iter()Al Viro2014-11-241-11/+6
| | | | | | | | | | | | | | | | | | ... and make it handle multi-segment iovecs - deals with that "fix this later" issue for free. A bit of shame, really - it had been there since 2.3.15pre3 when the whole thing went into the tree, practically a historical artefact by now... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * vmci_transport: switch ->enqeue_dgram, ->enqueue_stream and ->dequeue_stream ↵Al Viro2014-11-243-13/+13
| | | | | | | | | | | | to msghdr Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * tipc_msg_build(): pass msghdr instead of its ->msg_iovAl Viro2014-11-243-9/+8
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * tipc_sendmsg(): pass msghdr instead of its ->msg_iovAl Viro2014-11-241-4/+4
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * switch sctp_user_addto_chunk() and sctp_datamsg_from_user() to passing iov_iterAl Viro2014-11-244-17/+19
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * switch AF_PACKET and AF_UNIX to skb_copy_datagram_from_iter()Al Viro2014-11-244-95/+18
| | | | | | | | | | | | ... and kill skb_copy_datagram_iovec() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * kill zerocopy_sg_from_iovec()Al Viro2014-11-242-65/+2
| | | | | | | | | | | | no users left Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * {macvtap,tun}_get_user(): switch to iov_iterAl Viro2014-11-242-43/+45
| | | | | | | | | | | | allows to switch macvtap and tun from ->aio_write() to ->write_iter() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * new helpers: skb_copy_datagram_from_iter() and zerocopy_sg_from_iter()Al Viro2014-11-242-0/+119
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * switch macvtap to ->read_iter()Al Viro2014-11-241-34/+27
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * switch drivers/net/tun.c to ->read_iter()Al Viro2014-11-241-25/+15
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * new helper: memcpy_to_msg()Al Viro2014-11-249-9/+13
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * switch ipxrtr_route_packet() from iovec to msghdrAl Viro2014-11-243-5/+4
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * new helper: memcpy_from_msg()Al Viro2014-11-2436-57/+57
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| * new helper: skb_copy_and_csum_datagram_msg()Al Viro2014-11-244-5/+9
| | | | | | | | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* | net: Hyper-V: Deletion of an unnecessary check before the function call "vfree"Markus Elfring2014-11-251-3/+1
| | | | | | | | | | | | | | | | | | | | | | The vfree() function performs also input parameter validation. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | cxgb4/cxgb4vf/csiostor: Add T4/T5 PCI ID TableHariprasad Shenai2014-11-255-263/+210
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new file t4_pci_id_tbl.h that contains T4/T5 PCI ID Table so that for all drivers that uses T4/T5 PCI functions changes can be done in one place. checkpatch.pl script reports following error, which if tried to fix ends up in compilation error. ERROR: Macros with complex values should be enclosed in parentheses +#define CH_PCI_DEVICE_ID_TABLE_DEFINE_END \ + { 0, } \ + } WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? new file mode 100644 ERROR: Macros with complex values should be enclosed in parentheses +#define CH_PCI_ID_TABLE_FENTRY(devid) \ + CH_PCI_ID_TABLE_ENTRY((devid) | \ + ((CH_PCI_DEVICE_ID_FUNCTION) << 8)), \ + CH_PCI_ID_TABLE_ENTRY((devid) | \ + ((CH_PCI_DEVICE_ID_FUNCTION2) << 8)) ERROR: Macros with complex values should be enclosed in parentheses +#define CH_PCI_DEVICE_ID_TABLE_DEFINE_END { 0, } } ERROR: Macros with complex values should be enclosed in parentheses +#define CH_PCI_DEVICE_ID_TABLE_DEFINE_END { 0, } } Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | net/smsc911x: Add minimal runtime PM supportGeert Uytterhoeven2014-11-241-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add minimal runtime PM support (enable on probe, disable on remove), to ensure proper operation with a parent device that uses runtime PM. This is needed on systems where the external bus controller module of the SoC is contained in a PM domain and/or has a gateable functional clock. In such cases, before accessing any device connected to the external bus, the PM domain must be powered up, and/or the functional clock must be enabled, which is typically handled through runtime PM by the bus controller driver. An example of this is the kzm9g development board, where an smsc9220 Ethernet controller is connected to the Bus State Controller (BSC) of a Renesas sh73a0 SoC. Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tipc: add tipc_netlink.h to uapi KbuildRichard Alpe2014-11-241-0/+1
| | | | | | | | | | | | | | | | | | tipc_netlink.h is the user-space header for the new netlink api. It was accidentally left out of the uapi Kbuild list when the api was added. Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | rhashtable: Check for count mismatch while iterating in selftestThomas Graf2014-11-241-7/+20
| | | | | | | | | | | | | | | | | | | | Verify whether both the lock and RCU protected iterators see all test entries before and after expanding and shrinking has been performed. Also verify whether the number of entries in the hashtable remains stable during expansion and shrinking. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tc_vlan: fix type of tcfv_push_vidJiri Pirko2014-11-241-1/+1
| | | | | | | | | | | | | | | | Should be u16. So fix it to kill the sparse warning. Fixes: c7e2b9689ef8136 "sched: introduce vlan action" Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>
* | tipc: fix sparse warnings in new nl apiRichard Alpe2014-11-246-21/+29
| | | | | | | | | | | | | | | | Fix sparse warnings about non-static declaration of static functions in the new tipc netlink API. Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller2014-11-2438-156/+636
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pablo Neira Ayuso says: ==================== netfilter/ipvs updates for net-next The following patchset contains Netfilter updates for your net-next tree, this includes the NAT redirection support for nf_tables, the cgroup support for nft meta and conntrack zone support for the connlimit match. Coming after those, a bunch of sparse warning fixes, missing netns bits and cleanups. More specifically, they are: 1) Prepare IPv4 and IPv6 NAT redirect code to use it from nf_tables, patches from Arturo Borrero. 2) Introduce the nf_tables redir expression, from Arturo Borrero. 3) Remove an unnecessary assignment in ip_vs_xmit/__ip_vs_get_out_rt(). Patch from Alex Gartrell. 4) Add nft_log_dereference() macro to the nf_log infrastructure, patch from Marcelo Leitner. 5) Add some extra validation when registering logger families, also from Marcelo. 6) Some spelling cleanups from stephen hemminger. 7) Fix sparse warning in nf_logger_find_get(). 8) Add cgroup support to nf_tables meta, patch from Ana Rey. 9) A Kconfig fix for the new redir expression and fix sparse warnings in the new redir expression. 10) Fix several sparse warnings in the netfilter tree, from Florian Westphal. 11) Reduce verbosity when OOM in nfnetlink_log. User can basically do nothing when this situation occurs. 12) Add conntrack zone support to xt_connlimit, again from Florian. 13) Add netnamespace support to the h323 conntrack helper, contributed by Vasily Averin. 14) Remove unnecessary nul-pointer checks before free_percpu() and module_put(), from Markus Elfring. 15) Use pr_fmt in nfnetlink_log, again patch from Marcelo Leitner. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
| * | netfilter: nfnetlink_log: Make use of pr_fmt where applicableMarcelo Leitner2014-11-201-3/+6
| | | | | | | | | | | | | | | Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: Deletion of unnecessary checks before two function callsMarkus Elfring2014-11-205-10/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The functions free_percpu() and module_put() test whether their argument is NULL and then return immediately. Thus the test around the call is not needed. This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Acked-by: Julian Anastasov <ja@ssi.bg> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: nf_conntrack_h323: lookup route from proper net namespaceVasily Averin2014-11-171-6/+8
| | | | | | | | | | | | | | | Signed-off-by: Vasily Averin <vvs@parallels.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: xt_connlimit: honor conntrack zone if availableFlorian Westphal2014-11-171-11/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently all the conntrack lookups are done using default zone. In case the skb has a ct attached (e.g. template) we should use this zone for lookups instead. This makes connlimit work with connections assigned to other zones. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: nfnetlink_log: remove unnecessary error messagesPablo Neira Ayuso2014-11-131-7/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case of OOM, there's nothing userspace can do. If there's no room to put the payload in __build_packet_message(), jump to nla_put_failure which already performs the corresponding error reporting. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: fix various sparse warningsFlorian Westphal2014-11-138-16/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | net/bridge/br_netfilter.c:870:6: symbol 'br_netfilter_enable' was not declared. Should it be static? no; add include net/ipv4/netfilter/nft_reject_ipv4.c:22:6: symbol 'nft_reject_ipv4_eval' was not declared. Should it be static? yes net/ipv6/netfilter/nf_reject_ipv6.c:16:6: symbol 'nf_send_reset6' was not declared. Should it be static? no; add include net/ipv6/netfilter/nft_reject_ipv6.c:22:6: symbol 'nft_reject_ipv6_eval' was not declared. Should it be static? yes net/netfilter/core.c:33:32: symbol 'nf_ipv6_ops' was not declared. Should it be static? no; add include net/netfilter/xt_DSCP.c:40:57: cast truncates bits from constant value (ffffff03 becomes 3) net/netfilter/xt_DSCP.c:57:59: cast truncates bits from constant value (ffffff03 becomes 3) add __force, 3 is what we want. net/ipv4/netfilter/nf_log_arp.c:77:6: symbol 'nf_log_arp_packet' was not declared. Should it be static? yes net/ipv4/netfilter/nf_reject_ipv4.c:17:6: symbol 'nf_send_reset' was not declared. Should it be static? no; add include Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: nft_redir: fix sparse warningsPablo Neira Ayuso2014-11-121-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | >> net/netfilter/nft_redir.c:39:26: sparse: incorrect type in assignment (different base types) net/netfilter/nft_redir.c:39:26: expected unsigned int [unsigned] [usertype] nla_be32 net/netfilter/nft_redir.c:39:26: got restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:40:40: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:46:34: sparse: incorrect type in assignment (different base types) net/netfilter/nft_redir.c:46:34: expected unsigned int [unsigned] [usertype] nla_be32 net/netfilter/nft_redir.c:46:34: got restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 >> net/netfilter/nft_redir.c:47:48: sparse: cast to restricted __be32 Fixes: e9105f1 ("netfilter: nf_tables: add new expression nft_redir") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: fix unmet dependencies in NETFILTER_XT_TARGET_REDIRECTPablo Neira Ayuso2014-11-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | warning: (NETFILTER_XT_TARGET_REDIRECT) selects NF_NAT_REDIRECT_IPV4 which has unmet direct dependencies (NET && INET && NETFILTER && NF_NAT_IPV4) warning: (NETFILTER_XT_TARGET_REDIRECT) selects NF_NAT_REDIRECT_IPV6 which has unmet direct dependencies (NET && INET && IPV6 && NETFILTER && NF_NAT_IPV6) Fixes: 8b13edd ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables") Fixes: 9de920e ("netfilter: refactor NAT redirect IPv6 code to use it from nf_tables") Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: nft_meta: add cgroup supportAna Rey2014-11-092-0/+9
| | | | | | | | | | | | | | | | | | | | | This allows you to filter traffic by process control group (cgroup). Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: nf_log: fix sparse warning in nf_logger_find_get()Pablo Neira Ayuso2014-11-041-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | net/netfilter/nf_log.c:157:16: warning: incorrect type in assignment (different address spaces) net/netfilter/nf_log.c:157:16: expected struct nf_logger *logger net/netfilter/nf_log.c:157:16: got struct nf_logger [noderef] <asn:4>*<noident> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | netfilter: fix spelling errorsstephen hemminger2014-10-302-2/+2
| | | | | | | | | | | | | | | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | Merge branch 'ipvs-next'Pablo Neira Ayuso2014-10-301-1/+0
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Simon Horman says: ==================== The single patch in this series fixes some minor fallout from adding support IPv6 real servers in IPv4 virtual-services and vice versa. It should not have any run-time affect other than perhaps saving a few cycles. ==================== Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| | * | ipvs: remove unnecessary assignment in __ip_vs_get_out_rtAlex Gartrell2014-10-281-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a precondition of the function that daddr be equal to dest->addr.ip if dest is non-NULL, so this additional assignment is just confusing for stupid engineers like me. Signed-off-by: Alex Gartrell <agartrell@fb.com> Signed-off-by: Simon Horman <horms@verge.net.au>
| * | | netfilter: log: protect nf_log_register against double registeringMarcelo Leitner2014-10-304-6/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, despite the comment right before the function, nf_log_register allows registering two loggers on with the same type and end up overwriting the previous register. Not a real issue today as current tree doesn't have two loggers for the same type but it's better to get this protected. Also make sure that all of its callers do error checking. Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | | netfilter: nf_log: Introduce nft_log_dereference() macroMarcelo Leitner2014-10-301-12/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Wrap up a common call pattern in an easier to handle call. Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | | netfilter: nf_tables: add new expression nft_redirArturo Borrero2014-10-2711-0/+319
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new expression provides NAT in the redirect flavour, which is to redirect packets to local machine. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | | netfilter: refactor NAT redirect IPv6 code to use it from nf_tablesArturo Borrero2014-10-276-38/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch refactors the IPv6 code so it can be usable both from xt and nf_tables. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | | netfilter: refactor NAT redirect IPv4 to use it from nf_tablesArturo Borrero2014-10-276-42/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch refactors the IPv4 code so it can be usable both from xt and nf_tables. A similar patch follows-up to handle IPv6. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 14:04:46 +0100