forked from mirrors/linux
00a25cca0d
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEjF9xRqF1emXiQiqU1w0aZmrPKyEFAmff3F0ACgkQ1w0aZmrP KyGZDQ/7BzMeVJNjr8gRAfYtjqt+NWGr1vf6Tz8GDsGEHfgqeFrX/GyRMZi90kOV YMB8K+HiIou5yJtY2ZWgSkGsId8aK7fHMmN5KnP4l0XL6bcwi7yP/sck2m+KdN9k cApi/iVMVtJ4/+4MPrD6rgPcsDonj+wHwMQ3WItGNgenYDTOnEmqeEL7AK6HGTAg kTUmjVnyws+9UllNRzgJ/67OVewzPWy8imixFl1H+ZEfM0rTuNtr0zzl6rttXIU2 w6FK6Kw3WBZYYfLelLLmtZ2UoxqVD90Y6DOPip1mMjj95jrJPSedsZfUsZivDTNn JOIn/zLtwGjJ2hO/2rFxEEoeiqG79Fskg7fGzQ5mxVtJ1/otDc53WMHjNtQQpYNz 3xpPrwVOdCNQvorDLoDL2cInoc91ZADyJGFmLAou5NQdMbAWKsGKXEQolEiG0JEh hmWlrzkY5cns/dSGeZDAZvyhpVSF8dnClUP2BsPU3vVYN2MbCEBH10dwOkWcUhiq kj+1sNPnxkDiy054e708N3w0OKToHwtgJkfpEENxtI7dtCj/6sz9JHaN77RPiuzf aCIyjrhlUslkB6q5bLznyGoiQTaqzjOVWIGPcMKNT7XbElmhxIUMh3U05SktdlXz F9m1jIvThxPKj492i8ZEDjZQ9iBCEYm5KmnRD89aW+zf4UPbSYg= =b5n2 -----END PGP SIGNATURE----- Merge tag 'nf-next-25-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following batch contains Netfilter updates for net-next: 1) Use kvmalloc in xt_hashlimit, from Denis Kirjanov. 2) Tighten nf_conntrack sysctl accepted values for nf_conntrack_max and nf_ct_expect_max, from Nicolas Bouchinet. 3) Avoid lookup in nft_fib if socket is available, from Florian Westphal. 4) Initialize struct lsm_context in nfnetlink_queue to avoid hypothetical ENOMEM errors, Chenyuan Yang. 5) Use strscpy() instead of _pad when initializing xtables table name, kzalloc is already used to initialized the table memory area. From Thorsten Blum. 6) Missing socket lookup by conntrack information for IPv6 traffic in nft_socket, there is a similar chunk in IPv4, this was never added when IPv6 NAT was introduced. From Maxim Mikityanskiy. 7) Fix clang issues with nf_tables CONFIG_MITIGATION_RETPOLINE, from WangYuli. * tag 'nf-next-25-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next: netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE netfilter: socket: Lookup orig tuple for IPv6 SNAT netfilter: xtables: Use strscpy() instead of strscpy_pad() netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error netfilter: fib: avoid lookup if socket is available netfilter: conntrack: Bound nf_conntrack sysctl writes netfilter: xt_hashlimit: replace vmalloc calls with kvmalloc ==================== Link: https://patch.msgid.link/20250323100922.59983-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| br_netfilter.h | ||
| nf_bpf_link.h | ||
| nf_conntrack.h | ||
| nf_conntrack_acct.h | ||
| nf_conntrack_act_ct.h | ||
| nf_conntrack_bpf.h | ||
| nf_conntrack_bridge.h | ||
| nf_conntrack_core.h | ||
| nf_conntrack_count.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_labels.h | ||
| nf_conntrack_seqadj.h | ||
| nf_conntrack_synproxy.h | ||
| nf_conntrack_timeout.h | ||
| nf_conntrack_timestamp.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack_zones.h | ||
| nf_dup_netdev.h | ||
| nf_flow_table.h | ||
| nf_hooks_lwtunnel.h | ||
| nf_log.h | ||
| nf_nat.h | ||
| nf_nat_helper.h | ||
| nf_nat_masquerade.h | ||
| nf_nat_redirect.h | ||
| nf_queue.h | ||
| nf_reject.h | ||
| nf_socket.h | ||
| nf_synproxy.h | ||
| nf_tables.h | ||
| nf_tables_core.h | ||
| nf_tables_ipv4.h | ||
| nf_tables_ipv6.h | ||
| nf_tables_offload.h | ||
| nf_tproxy.h | ||
| nft_fib.h | ||
| nft_meta.h | ||
| nft_reject.h | ||
| xt_rateest.h | ||