From: <kaber <at> trash.net>
Subject: [PATCH 00/84] netfilter: netfilter update for 2.6.35
Newsgroups: gmane.comp.security.firewalls.netfilter.devel
Date: Monday 10th May 2010 20:17:31 UTC (over 7 years ago)
Hi Dave,

apologies for not sending this earlier in smaller batches, as mentioned
earlier I ran into some problems with git. Following is a first netfilter
update for 2.6.35, containing:

- various smaller cleanups, optimizations, Kconfig updates etc.

- merging of the xt_MARK module with xt_mark and xt_CONNMARK with
  xt_connmark to decrease overhead when using modular kernels, saving 14k
  on 32 bit, from Jan

- scheduling of the NOTRACK module for removal, obsoleted by the CT module

- removal of the compat /proc directory of xt_recent

- addition of an entry reaper to the recent module, from Tim Gardner

- support for changing UID/GID of the recent /proc files, from Jan

- use of NFPROTO values in NF_HOOK calls in IPv4/IPv6/bridging/DECnet,
  from Jan

- a change to the xtables ->checkentry() function signature to support
  returning errno codes, from Jan

- removal of old revisions of the hashlimit, multiport and string matches,
  from Jan

- ctnetlink message size computation fixes with conntrack accounting,
  from Jiri Pirko

- hashlimit match RCU conversion, from Eric

- userspace queuing checksum fixes, from Herbert

- fixes for netfilter RCU warnings, from myself

- fixes for the LED target to avoid invalid errors when replacing the
  ruleset

- fixes for iproute compilation breakage due to XT_ALIGN cleanups, from
  Alexey Dobriyan

- bridge netfilter cleanups, simplification and comment updates from Bart

- bridge netfilter MAC header fixes when using DNAT

- bridge netfilter refragmentation fixes for PPPoE, from Bart

- a change to the IPv6 POST_ROUTING invocation to make it receive
  unfragmented packets like IPv4, from Jan

- a fix for the IPv6 xfrm lookup in ip6_route_me_harder, from Ulrich Weber

- more appropriate default log level (KERN_NOTICE instead of KERN_EMERG)
  for the IPv4 and IPv6 LOG targets, from myself

- addition of the TEE target, which can be used to clone packets and send
  them to other hosts, f.i. IDS or logging hosts, from Jan

- a patch to make iptables and ip6tables reentrant by moving the jump stack
  to a separately allocated area. This will allow to get rid of the per
  CPU ruleset duplication in the future. From Jan.

The patches won't apply cleanly because of some conflicts resolved during
merges, please pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git master

Thanks!
