* [PATCH nf-next 0/7] Netfilter updates for net-next
@ 2021-12-15 23:49 Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest Pablo Neira Ayuso
` (6 more replies)
0 siblings, 7 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
Hi,
The following patchset contains Netfilter updates for net-next, mostly
rather small housekeeping patches:
1) Remove unused variable in IPVS, from GuoYong Zheng.
2) Use memset_after in conntrack, from Kees Cook.
3) Remove leftover function in nfnetlink_queue, from Florian Westphal.
4) Remove redundant test on bool in conntrack, from Bernard Zhao.
5) egress support for nft_fwd, from Lukas Wunner.
6) Make pppoe work for br_netfilter, from Florian Westphal.
7) Remove unused variable in conntrack resize routine, from luo penghao.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thanks.
----------------------------------------------------------------
The following changes since commit 196073f9c44be0b4758ead11e51bc2875f98df29:
net: ixp4xx_hss: drop kfree for memory allocated with devm_kzalloc (2021-11-30 12:40:22 +0000)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 284ca7647c67683b32f4f8c0dec6cc38cb2cb9f8:
netfilter: conntrack: Remove useless assignment statements (2021-12-16 00:17:40 +0100)
----------------------------------------------------------------
Bernard Zhao (1):
netfilter: ctnetlink: remove useless type conversion to bool
Florian Westphal (2):
netfilter: nf_queue: remove leftover synchronize_rcu
netfilter: bridge: add support for pppoe filtering
GuoYong Zheng (1):
ipvs: remove unused variable for ip_vs_new_dest
Kees Cook (1):
netfilter: conntrack: Use memset_startat() to zero struct nf_conn
Pablo Neira Ayuso (1):
netfilter: nft_fwd_netdev: Support egress hook
luo penghao (1):
netfilter: conntrack: Remove useless assignment statements
net/bridge/br_netfilter_hooks.c | 7 +++----
net/netfilter/ipvs/ip_vs_ctl.c | 7 ++-----
net/netfilter/nf_conntrack_core.c | 5 +----
net/netfilter/nf_conntrack_netlink.c | 2 +-
net/netfilter/nfnetlink_queue.c | 6 ------
net/netfilter/nft_fwd_netdev.c | 7 +++++--
6 files changed, 12 insertions(+), 22 deletions(-)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-16 1:50 ` patchwork-bot+netdevbpf
2021-12-15 23:49 ` [PATCH nf-next 2/7] netfilter: conntrack: Use memset_startat() to zero struct nf_conn Pablo Neira Ayuso
` (5 subsequent siblings)
6 siblings, 1 reply; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: GuoYong Zheng <zhenggy@chinatelecom.cn>
The dest variable is not used after ip_vs_new_dest anymore in
ip_vs_add_dest, do not need pass it to ip_vs_new_dest, remove it.
Signed-off-by: GuoYong Zheng <zhenggy@chinatelecom.cn>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/ipvs/ip_vs_ctl.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 39c523bd775c..7f645328b47f 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -960,8 +960,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
* Create a destination for the given service
*/
static int
-ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
- struct ip_vs_dest **dest_p)
+ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
{
struct ip_vs_dest *dest;
unsigned int atype, i;
@@ -1021,8 +1020,6 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
spin_lock_init(&dest->stats.lock);
__ip_vs_update_dest(svc, dest, udest, 1);
- *dest_p = dest;
-
LeaveFunction(2);
return 0;
@@ -1096,7 +1093,7 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
/*
* Allocate and initialize the dest structure
*/
- ret = ip_vs_new_dest(svc, udest, &dest);
+ ret = ip_vs_new_dest(svc, udest);
}
LeaveFunction(2);
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 2/7] netfilter: conntrack: Use memset_startat() to zero struct nf_conn
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 3/7] netfilter: nf_queue: remove leftover synchronize_rcu Pablo Neira Ayuso
` (4 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Kees Cook <keescook@chromium.org>
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.
Use memset_startat() to avoid confusing memset() about writing beyond
the target struct member.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_core.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 054ee9d25efe..aa657db18318 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1562,9 +1562,7 @@ __nf_conntrack_alloc(struct net *net,
ct->status = 0;
ct->timeout = 0;
write_pnet(&ct->ct_net, net);
- memset(&ct->__nfct_init_offset, 0,
- offsetof(struct nf_conn, proto) -
- offsetof(struct nf_conn, __nfct_init_offset));
+ memset_after(ct, 0, __nfct_init_offset);
nf_ct_zone_add(ct, zone);
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 3/7] netfilter: nf_queue: remove leftover synchronize_rcu
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 2/7] netfilter: conntrack: Use memset_startat() to zero struct nf_conn Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 4/7] netfilter: ctnetlink: remove useless type conversion to bool Pablo Neira Ayuso
` (3 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Florian Westphal <fw@strlen.de>
Its no longer needed after commit 870299707436
("netfilter: nf_queue: move hookfn registration out of struct net").
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nfnetlink_queue.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 4acc4b8e9fe5..b61165e97252 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -1527,15 +1527,9 @@ static void __net_exit nfnl_queue_net_exit(struct net *net)
WARN_ON_ONCE(!hlist_empty(&q->instance_table[i]));
}
-static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list)
-{
- synchronize_rcu();
-}
-
static struct pernet_operations nfnl_queue_net_ops = {
.init = nfnl_queue_net_init,
.exit = nfnl_queue_net_exit,
- .exit_batch = nfnl_queue_net_exit_batch,
.id = &nfnl_queue_net_id,
.size = sizeof(struct nfnl_queue_net),
};
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 4/7] netfilter: ctnetlink: remove useless type conversion to bool
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
` (2 preceding siblings ...)
2021-12-15 23:49 ` [PATCH nf-next 3/7] netfilter: nf_queue: remove leftover synchronize_rcu Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 5/7] netfilter: nft_fwd_netdev: Support egress hook Pablo Neira Ayuso
` (2 subsequent siblings)
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Bernard Zhao <bernard@vivo.com>
dying is bool, the type conversion to true/false value is not
needed.
Signed-off-by: Bernard Zhao <bernard@vivo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 849fa7f4353c..f9f5cb46c43d 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1746,7 +1746,7 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying
res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
- ct, dying ? true : false, 0);
+ ct, dying, 0);
if (res < 0) {
if (!atomic_inc_not_zero(&ct->ct_general.use))
continue;
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 5/7] netfilter: nft_fwd_netdev: Support egress hook
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
` (3 preceding siblings ...)
2021-12-15 23:49 ` [PATCH nf-next 4/7] netfilter: ctnetlink: remove useless type conversion to bool Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 6/7] netfilter: bridge: add support for pppoe filtering Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 7/7] netfilter: conntrack: Remove useless assignment statements Pablo Neira Ayuso
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
Allow packet redirection to another interface upon egress.
[lukas: set skb_iif, add commit message, original patch from Pablo. ]
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_fwd_netdev.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c
index cd59afde5b2f..fa9301ca6033 100644
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -27,9 +27,11 @@ static void nft_fwd_netdev_eval(const struct nft_expr *expr,
{
struct nft_fwd_netdev *priv = nft_expr_priv(expr);
int oif = regs->data[priv->sreg_dev];
+ struct sk_buff *skb = pkt->skb;
/* This is used by ifb only. */
- skb_set_redirected(pkt->skb, true);
+ skb->skb_iif = skb->dev->ifindex;
+ skb_set_redirected(skb, nft_hook(pkt) == NF_NETDEV_INGRESS);
nf_fwd_netdev_egress(pkt, oif);
regs->verdict.code = NF_STOLEN;
@@ -198,7 +200,8 @@ static int nft_fwd_validate(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nft_data **data)
{
- return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS));
+ return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS) |
+ (1 << NF_NETDEV_EGRESS));
}
static struct nft_expr_type nft_fwd_netdev_type;
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 6/7] netfilter: bridge: add support for pppoe filtering
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
` (4 preceding siblings ...)
2021-12-15 23:49 ` [PATCH nf-next 5/7] netfilter: nft_fwd_netdev: Support egress hook Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 7/7] netfilter: conntrack: Remove useless assignment statements Pablo Neira Ayuso
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: Florian Westphal <fw@strlen.de>
This makes 'bridge-nf-filter-pppoe-tagged' sysctl work for
bridged traffic.
Looking at the original commit it doesn't appear this ever worked:
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
[..]
if (skb->protocol == htons(ETH_P_8021Q)) {
skb_pull(skb, VLAN_HLEN);
skb->network_header += VLAN_HLEN;
+ } else if (skb->protocol == htons(ETH_P_PPP_SES)) {
+ skb_pull(skb, PPPOE_SES_HLEN);
+ skb->network_header += PPPOE_SES_HLEN;
}
[..]
NF_HOOK(... POST_ROUTING, ...)
... but the adjusted offsets are never restored.
The alternative would be to rip this code out for good,
but otoh we'd have to keep this anyway for the vlan handling
(which works because vlan tag info is in the skb, not the packet
payload).
Reported-and-tested-by: Amish Chana <amish@3g.co.za>
Fixes: 516299d2f5b6f97 ("[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/bridge/br_netfilter_hooks.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index b5af68c105a8..4fd882686b04 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -743,6 +743,9 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
if (nf_bridge->frag_max_size && nf_bridge->frag_max_size < mtu)
mtu = nf_bridge->frag_max_size;
+ nf_bridge_update_protocol(skb);
+ nf_bridge_push_encap_header(skb);
+
if (skb_is_gso(skb) || skb->len + mtu_reserved <= mtu) {
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(net, sk, skb);
@@ -760,8 +763,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;
- nf_bridge_update_protocol(skb);
-
data = this_cpu_ptr(&brnf_frag_data_storage);
if (skb_vlan_tag_present(skb)) {
@@ -789,8 +790,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;
- nf_bridge_update_protocol(skb);
-
data = this_cpu_ptr(&brnf_frag_data_storage);
data->encap_size = nf_bridge_encap_header_len(skb);
data->size = ETH_HLEN + data->encap_size;
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH nf-next 7/7] netfilter: conntrack: Remove useless assignment statements
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
` (5 preceding siblings ...)
2021-12-15 23:49 ` [PATCH nf-next 6/7] netfilter: bridge: add support for pppoe filtering Pablo Neira Ayuso
@ 2021-12-15 23:49 ` Pablo Neira Ayuso
6 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2021-12-15 23:49 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev, kuba
From: luo penghao <luo.penghao@zte.com.cn>
The old_size assignment here will not be used anymore
The clang_analyzer complains as follows:
Value stored to 'old_size' is never read
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: luo penghao <luo.penghao@zte.com.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_core.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index aa657db18318..b622ef143415 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2588,7 +2588,6 @@ int nf_conntrack_hash_resize(unsigned int hashsize)
hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]);
}
}
- old_size = nf_conntrack_htable_size;
old_hash = nf_conntrack_hash;
nf_conntrack_hash = hash;
--
2.30.2
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest
2021-12-15 23:49 ` [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest Pablo Neira Ayuso
@ 2021-12-16 1:50 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 9+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-12-16 1:50 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, davem, netdev, kuba
Hello:
This series was applied to netdev/net-next.git (master)
by Pablo Neira Ayuso <pablo@netfilter.org>:
On Thu, 16 Dec 2021 00:49:05 +0100 you wrote:
> From: GuoYong Zheng <zhenggy@chinatelecom.cn>
>
> The dest variable is not used after ip_vs_new_dest anymore in
> ip_vs_add_dest, do not need pass it to ip_vs_new_dest, remove it.
>
> Signed-off-by: GuoYong Zheng <zhenggy@chinatelecom.cn>
> Acked-by: Julian Anastasov <ja@ssi.bg>
> Acked-by: Simon Horman <horms@verge.net.au>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
>
> [...]
Here is the summary with links:
- [nf-next,1/7] ipvs: remove unused variable for ip_vs_new_dest
https://git.kernel.org/netdev/net-next/c/fc5e0352ccb5
- [nf-next,2/7] netfilter: conntrack: Use memset_startat() to zero struct nf_conn
https://git.kernel.org/netdev/net-next/c/4be1dbb75c3d
- [nf-next,3/7] netfilter: nf_queue: remove leftover synchronize_rcu
https://git.kernel.org/netdev/net-next/c/c5fc837bf934
- [nf-next,4/7] netfilter: ctnetlink: remove useless type conversion to bool
https://git.kernel.org/netdev/net-next/c/632cb151ca53
- [nf-next,5/7] netfilter: nft_fwd_netdev: Support egress hook
https://git.kernel.org/netdev/net-next/c/f87b9464d152
- [nf-next,6/7] netfilter: bridge: add support for pppoe filtering
https://git.kernel.org/netdev/net-next/c/28b78ecffea8
- [nf-next,7/7] netfilter: conntrack: Remove useless assignment statements
https://git.kernel.org/netdev/net-next/c/284ca7647c67
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-12-16 1:50 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-15 23:49 [PATCH nf-next 0/7] Netfilter updates for net-next Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 1/7] ipvs: remove unused variable for ip_vs_new_dest Pablo Neira Ayuso
2021-12-16 1:50 ` patchwork-bot+netdevbpf
2021-12-15 23:49 ` [PATCH nf-next 2/7] netfilter: conntrack: Use memset_startat() to zero struct nf_conn Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 3/7] netfilter: nf_queue: remove leftover synchronize_rcu Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 4/7] netfilter: ctnetlink: remove useless type conversion to bool Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 5/7] netfilter: nft_fwd_netdev: Support egress hook Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 6/7] netfilter: bridge: add support for pppoe filtering Pablo Neira Ayuso
2021-12-15 23:49 ` [PATCH nf-next 7/7] netfilter: conntrack: Remove useless assignment statements Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.