Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v5.7 2019-06-05T15:37:15Z 2019-06-05T15:37:15Z Thomas Gleixner tglx@linutronix.de 2019-06-01T08:08:37Z urn:sha1:75a6faf617d107bdbc74d36ccf89f2280b96ac26 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms and conditions of the gnu general public license version 2 as published by the free software foundation extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 101 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190531190113.822954939@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-03-18T15:22:49Z Pablo Neira Ayuso pablo@netfilter.org 2019-03-14T09:50:20Z urn:sha1:8ffcd32f64633926163cdd07a7d295c500a947d1 Proper use counter updates when activating and deactivating the object, otherwise, this hits bogus EBUSY error. Fixes: cd5125d8f518 ("netfilter: nf_tables: split set destruction in deactivate and destroy phase") Reported-by: Laura Garcia <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2019-03-11T12:19:24Z Pablo Neira Ayuso pablo@netfilter.org 2019-03-08T14:30:03Z urn:sha1:273fe3f1006ea5ebc63d6729e43e8e45e32b256a Set deletion after flush coming in the same batch results in EBUSY. Add set use counter to track the number of references to this set from rules. We cannot rely on the list of bindings for this since such list is still populated from the preparation phase. Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2019-02-08T23:00:17Z David S. Miller davem@davemloft.net 2019-02-08T23:00:17Z urn:sha1:a655fe9f194842693258f43b5382855db1c2f654 An ipvlan bug fix in 'net' conflicted with the abstraction away of the IPV6 specific support in 'net-next'. Similarly, a bug fix for mlx5 in 'net' conflicted with the flow action conversion in 'net-next'. Signed-off-by: David S. Miller <davem@davemloft.net> 2019-02-04T16:29:17Z Pablo Neira Ayuso pablo@netfilter.org 2019-02-02T09:49:13Z urn:sha1:f6ac8585897684374a19863fff21186a05805286 Anonymous sets that are bound to rules from the same transaction trigger a kernel splat from the abort path due to double set list removal and double free. This patch updates the logic to search for the transaction that is responsible for creating the set and disable the set list removal and release, given the rule is now responsible for this. Lookup is reverse since the transaction that adds the set is likely to be at the tail of the list. Moreover, this patch adds the unbind step to deliver the event from the commit path. This should not be done from the worker thread, since we have no guarantees of in-order delivery to the listener. This patch removes the assumption that both activate and deactivate callbacks need to be provided. Fixes: cd5125d8f518 ("netfilter: nf_tables: split set destruction in deactivate and destroy phase") Reported-by: Mikhail Morfikov <mmorfikov@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2019-01-18T14:02:33Z Florian Westphal fw@strlen.de 2019-01-08T14:45:59Z urn:sha1:4d44175aa5bb5f68772b1eb0306554812294ca52 Instead of linear search, use rhlist interface to look up the objects. This fixes rulesets with thousands of named objects (quota, counters and the like). We only use a single table for this and consider the address of the table we're doing the lookup in as a part of the key. This reduces restore time of a sample ruleset with ~20k named counters from 37 seconds to 0.8 seconds. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2019-01-18T14:02:32Z Florian Westphal fw@strlen.de 2019-01-08T14:45:58Z urn:sha1:d152159b89118841ebc0f7be2aadf79a22c6c501 Add a 'key' structure for object, so we can look them up by name + table combination (the name can be the same in each table). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2018-09-17T09:29:49Z Florian Westphal fw@strlen.de 2018-08-29T12:41:30Z urn:sha1:cd5125d8f51882279f50506bb9c7e5e89dc9bef3 Splits unbind_set into destroy_set and unbinding operation. Unbinding removes set from lists (so new transaction would not find it anymore) but keeps memory allocated (so packet path continues to work). Rebind function is added to allow unrolling in case transaction that wants to remove set is aborted. Destroy function is added to free the memory, but this could occur outside of transaction in the future. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2018-04-24T08:29:09Z Pablo Neira Ayuso pablo@netfilter.org 2018-03-28T10:06:51Z urn:sha1:cac20fcdf146b82d02e412d7a345f5826279cd82 Replace the nf_tables_ prefix by nft_ and merge code into single lookup function whenever possible. In many cases we go over the 80-chars boundary function names, this save us ~50 LoC. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-30T09:29:20Z Pablo Neira Ayuso pablo@netfilter.org 2018-03-28T10:06:49Z urn:sha1:10659cbab72b7bfee1a886018d1915a9549b6378 To prepare shorter introduction of shorter function prefix. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>