[Devel] [PATCH RH8 00/13] port part 3: netfilter

Alexander Mikhalitsyn alexander.mikhalitsyn at virtuozzo.com
Tue May 18 20:54:14 MSK 2021


See https://jira.sw.ru/browse/PSBM-127783

Andrey Ryabinin (1):
  netfilter/x_tables: account entry offsets allocations

Kirill Tkhai (5):
  ve/netfilter: Implement pernet net->ct.max / virtualize
    "nf_conntrack_max" sysctl
  ve/netfilter: Add autoloading of sockopt modules
  ve/netfilter: Check for permissions while looking for target and match
  net: Mark conntrack users in xtables
  net: Mark conntrack users in nftables

Konstantin Khorenko (1):
  ve/netfilter: Implement pernet expect_max / virtualize
    "net.netfilter.nf_conntrack_expect_max" sysctl

Pavel Tikhomirov (1):
  ve/netlink: allow messages with family PF_BRIDGE type RTM_xxxNEIGH in
    CT

Stanislav Kinsburskiy (5):
  ve/netfilter: Basic ve transformations
  ve/nf_conntrack: expose "nf_conntrack_max" in containers
  ve/nf_conntrack: expose "nf_conntrack_acct" in containers
  ve/nf_conntrack: expose "nf_conntrack_events*" in containers
  net: Primitives to enable conntrack allocation

 include/linux/netfilter/x_tables.h          |  17 ++++
 include/linux/ve.h                          |   4 +-
 include/net/net_namespace.h                 |  10 ++
 include/net/netfilter/nf_conntrack_expect.h |   1 -
 include/net/netns/conntrack.h               |   4 +
 kernel/ve/ve.c                              |  98 ++++++++++---------
 net/core/rtnetlink.c                        |   4 +-
 net/ipv4/netfilter/ip_tables.c              |  15 ++-
 net/ipv4/netfilter/ipt_CLUSTERIP.c          |   2 +
 net/ipv4/netfilter/ipt_MASQUERADE.c         |   6 +-
 net/ipv4/netfilter/ipt_REJECT.c             |   4 +-
 net/ipv4/netfilter/ipt_SYNPROXY.c           |   2 +
 net/ipv6/netfilter/ip6_tables.c             |   3 +
 net/ipv6/netfilter/ip6t_MASQUERADE.c        |   6 +-
 net/ipv6/netfilter/ip6t_SYNPROXY.c          |   2 +
 net/netfilter/nf_conncount.c                |   2 +
 net/netfilter/nf_conntrack_acct.c           |   4 +-
 net/netfilter/nf_conntrack_core.c           |  26 +++--
 net/netfilter/nf_conntrack_ecache.c         |   3 +-
 net/netfilter/nf_conntrack_expect.c         |   7 +-
 net/netfilter/nf_conntrack_netlink.c        |   2 +-
 net/netfilter/nf_conntrack_standalone.c     |  85 ++++++++++++----
 net/netfilter/nf_sockopt.c                  |  76 ++++++++++++++-
 net/netfilter/nft_connlimit.c               |   7 +-
 net/netfilter/nft_ct.c                      |   2 +
 net/netfilter/nft_masq.c                    |   6 +-
 net/netfilter/nft_nat.c                     |   6 +-
 net/netfilter/nft_redir.c                   |   6 +-
 net/netfilter/x_tables.c                    | 101 +++++++++++++-------
 net/netfilter/xt_CONNSECMARK.c              |   2 +
 net/netfilter/xt_CT.c                       |   1 +
 net/netfilter/xt_HMARK.c                    |   1 +
 net/netfilter/xt_NETMAP.c                   |  14 ++-
 net/netfilter/xt_REDIRECT.c                 |  13 ++-
 net/netfilter/xt_TCPMSS.c                   |  12 ++-
 net/netfilter/xt_cluster.c                  |   2 +
 net/netfilter/xt_connbytes.c                |   2 +
 net/netfilter/xt_connlabel.c                |   3 +-
 net/netfilter/xt_connlimit.c                |   2 +
 net/netfilter/xt_connmark.c                 |   2 +
 net/netfilter/xt_conntrack.c                |   2 +
 net/netfilter/xt_helper.c                   |   1 +
 net/netfilter/xt_ipvs.c                     |   1 +
 net/netfilter/xt_limit.c                    |   4 +-
 net/netfilter/xt_nat.c                      |  14 ++-
 net/netfilter/xt_socket.c                   |  10 ++
 net/netfilter/xt_state.c                    |   2 +
 net/socket.c                                |   2 +-
 48 files changed, 451 insertions(+), 150 deletions(-)

-- 
2.28.0
