mbox

[0/3] ipset patches for nf-next

Message ID 1540656462-928-1-git-send-email-kadlec@blackhole.kfki.hu
State Accepted
Delegated to: Pablo Neira
Headers show

Pull-request

git://blackhole.kfki.hu/nf-next 23c42a403a9cfdbad6

Message

Jozsef Kadlecsik Oct. 27, 2018, 4:07 p.m. UTC 
Hi Pablo,

Please consider to pull the next patches for nf-next:

- Introduction of new commands and thus protocol version 7. The
  new commands makes possible to eliminate the getsockopt interface
  of ipset and use solely netlink to communicate with the kernel.
  Due to the strict attribute checking both in user/kernel space,
  a new protocol number was introduced. Both the kernel/userspace is
  fully backward compatible.
- Make invalid MAC address checks consisten, from Stefano Brivio.
  The patch depends on the next one.
- Allow matching on destination MAC address for mac and ipmac sets,
  also from Stefano Brivio.

Best regards,
Jozsef

The following changes since commit af510ebd8913bee016492832f532ed919b51c09c:

  Revert "netfilter: xt_quota: fix the behavior of xt_quota module" (2018-10-19 14:00:34 +0200)

are available in the git repository at:

  git://blackhole.kfki.hu/nf-next 23c42a403a9cfdbad6

for you to fetch changes up to 23c42a403a9cfdbad6004a556c927be7dd61a8ee:

  netfilter: ipset: Introduction of new commands and protocol version 7 (2018-10-27 15:49:09 +0200)

----------------------------------------------------------------
Jozsef Kadlecsik (1):
      netfilter: ipset: Introduction of new commands and protocol version 7

Stefano Brivio (2):
      netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
      netfilter: ipset: Make invalid MAC address checks consistent

 include/linux/netfilter/ipset/ip_set.h      |   2 +-
 include/uapi/linux/netfilter/ipset/ip_set.h |  19 ++--
 net/netfilter/ipset/ip_set_bitmap_ipmac.c   |  13 ++-
 net/netfilter/ipset/ip_set_core.c           | 164 +++++++++++++++++++++++++---
 net/netfilter/ipset/ip_set_hash_ipmac.c     |  27 ++---
 net/netfilter/ipset/ip_set_hash_mac.c       |  10 +-
 6 files changed, 187 insertions(+), 48 deletions(-)

Comments

Pablo Neira Ayuso Nov. 12, 2018, 9:19 a.m. UTC | #1 
On Sat, Oct 27, 2018 at 06:07:39PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
> 
> Please consider to pull the next patches for nf-next:
> 
> - Introduction of new commands and thus protocol version 7. The
>   new commands makes possible to eliminate the getsockopt interface
>   of ipset and use solely netlink to communicate with the kernel.
>   Due to the strict attribute checking both in user/kernel space,
>   a new protocol number was introduced. Both the kernel/userspace is
>   fully backward compatible.
> - Make invalid MAC address checks consisten, from Stefano Brivio.
>   The patch depends on the next one.
> - Allow matching on destination MAC address for mac and ipmac sets,
>   also from Stefano Brivio.

Pulled, thanks Jozsef.