Hi,
The following patchset contains Netfilter/IPVS updates for net-next:
1) Inspect the reply packets coming from DR/TUN and refresh connection
state and timeout, from longguang yue and Julian Anastasov.
2) Series to add support for the inet ingress chain type in nf_tables.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thank you.
----------------------------------------------------------------
The following changes since commit bc081a693a56061f68f736c5d596134ee3c87689:
Merge branch 'Offload-tc-vlan-mangle-to-mscc_ocelot-switch' (2020-10-11
11:19:25 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 793d5d61242695142460ce74f124281e0681fbc7:
netfilter: flowtable: reduce calls to pskb_may_pull() (2020-10-12 01:58:10
+0200)
----------------------------------------------------------------
Pablo Neira Ayuso (5):
netfilter: add nf_static_key_{inc,dec}
netfilter: add nf_ingress_hook() helper function
netfilter: add inet ingress support
netfilter: nf_tables: add inet ingress support
netfilter: flowtable: reduce calls to pskb_may_pull()
longguang.yue (1):
ipvs: inspect reply packets from DR/TUN real servers
include/net/netfilter/nf_tables.h | 6 ++
include/net/netfilter/nf_tables_ipv4.h | 33 +++++++++
include/net/netfilter/nf_tables_ipv6.h | 46 ++++++++++++
include/uapi/linux/netfilter.h | 1 +
net/netfilter/core.c | 129 ++++++++++++++++++++++++++-------
net/netfilter/ipvs/ip_vs_conn.c | 18 ++++-
net/netfilter/ipvs/ip_vs_core.c | 19 ++---
net/netfilter/nf_flow_table_core.c | 12 +--
net/netfilter/nf_flow_table_ip.c | 45 +++++++-----
net/netfilter/nf_tables_api.c | 14 ++--
net/netfilter/nft_chain_filter.c | 35 ++++++++-
11 files changed, 282 insertions(+), 76 deletions(-)
