Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next The following patchset contains Netfilter updates for your net-next tree, they are: 1) Remove useless debug message when deleting IPVS service, from Yannick Brosseau. 2) Get rid of compilation warning when CONFIG_PROC_FS is unset in several spots of the IPVS code, from Arnd Bergmann. 3) Add prandom_u32 support to nft_meta, from Florian Westphal. 4) Remove unused variable in xt_osf, from Sudip Mukherjee. 5) Don't calculate IP checksum twice from netfilter ipv4 defrag hook since fixing af_packet defragmentation issues, from Joe Stringer. 6) On-demand hook registration for iptables from netns. Instead of registering the hooks for every available netns whenever we need one of the support tables, we register this on the specific netns that needs it, patchset from Florian Westphal. 7) Add missing port range selection to nf_tables masquerading support. BTW, just for the record, there is a typo in the description of 5f6c253ebe93b0 ("netfilter: bridge: register hooks only when bridge interface is added") that refers to the cluster match as deprecated, but it is actually the CLUSTERIP target (which registers hooks inconditionally) the one that is scheduled for removal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2016-03-08 14:25:20 -0500
committer: David S. Miller <davem@davemloft.net> 2016-03-08 14:25:20 -0500
commit: 4c38cd61aef20fce34c669caa901634ca5f88bf8 (patch)
tree: 67df223fbeb6b8ec4639f1237db947c647015809 /include/uapi
parent: d24ad3fc0e454b4354acc10149ecceda445d6a75 (diff)
parent: 8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index be41ffc128b8..eeffde196f80 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -681,6 +681,7 @@ enum nft_exthdr_attributes {
 * @NFT_META_IIFGROUP: packet input interface group
 * @NFT_META_OIFGROUP: packet output interface group
 * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
+ * @NFT_META_PRANDOM: a 32bit pseudo-random number
 */
 enum nft_meta_keys {
        NFT_META_LEN,
@@ -707,6 +708,7 @@ enum nft_meta_keys {
        NFT_META_IIFGROUP,
        NFT_META_OIFGROUP,
        NFT_META_CGROUP,
+        NFT_META_PRANDOM,
 };
 /**
@@ -949,10 +951,14 @@ enum nft_nat_attributes {
 * enum nft_masq_attributes - nf_tables masquerade expression attributes
 *
 * @NFTA_MASQ_FLAGS: NAT flags (see NF_NAT_RANGE_* in linux/netfilter/nf_nat.h) (NLA_U32)
+ * @NFTA_MASQ_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers)
+ * @NFTA_MASQ_REG_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers)
 */
 enum nft_masq_attributes {
        NFTA_MASQ_UNSPEC,
        NFTA_MASQ_FLAGS,
+        NFTA_MASQ_REG_PROTO_MIN,
+        NFTA_MASQ_REG_PROTO_MAX,
        __NFTA_MASQ_MAX
 };
 #define NFTA_MASQ_MAX           (__NFTA_MASQ_MAX - 1)
author	David S. Miller <davem@davemloft.net>	2016-03-08 14:25:20 -0500
committer	David S. Miller <davem@davemloft.net>	2016-03-08 14:25:20 -0500
commit	4c38cd61aef20fce34c669caa901634ca5f88bf8 (patch)
tree	67df223fbeb6b8ec4639f1237db947c647015809 /include/uapi
parent	d24ad3fc0e454b4354acc10149ecceda445d6a75 (diff)
parent	8a6bf5da1aefdafd60b73d9122c7af9fd2d7bb9c (diff)