author | David S. Miller <davem@davemloft.net> | 2019-07-08 12:13:38 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-07-08 12:13:38 -0700 |
commit | 47cfb90406e1d8de4007e781155884ff10bb40d3 (patch) | |
tree | bff43ffd983233d08edc09243df7759e3ff15d61 /include/uapi | |
parent | bfb204129a5adeb8eb62d693e97047ae6c8f37fd (diff) | |
parent | 0ef1efd1354d732d040f29b2005420f83fcdd8f4 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
Netfilter/IPVS updates for net-next
The following patchset contains Netfilter/IPVS updates for net-next:
1) Move bridge keys in nft_meta to nft_meta_bridge, from wenxu.
2) Support for bridge pvid matching, from wenxu.
3) Support for bridge vlan protocol matching, also from wenxu.
4) Add br_vlan_get_pvid_rcu(), to fetch the bridge port pvid
from packet path.
5) Prefer specific family extension in nf_tables.
6) Autoload specific family extension in case it is missing.
7) Add synproxy support to nf_tables, from Fernando Fernandez Mancera.
8) Support for GRE encapsulation in IPVS, from Vadim Fedorenko.
9) ICMP handling for GRE encapsulation, from Julian Anastasov.
10) Remove unused parameter in nf_queue, from Florian Westphal.
11) Replace seq_printf() by seq_puts() in nf_log, from Markus Elfring.
12) Rename nf_SYNPROXY.h => nf_synproxy.h before this header becomes
public.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi')
-rw-r--r-- | include/uapi/linux/ip_vs.h | 1 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/nf_synproxy.h (renamed from include/uapi/linux/netfilter/nf_SYNPROXY.h) | 4 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/nf_tables.h | 20 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/xt_SYNPROXY.h | 2 |
4 files changed, 26 insertions, 1 deletions
diff --git a/include/uapi/linux/ip_vs.h b/include/uapi/linux/ip_vs.h
index e4f18061a4fd..4102ddcb4e14 100644
--- a/include/uapi/linux/ip_vs.h
+++ b/include/uapi/linux/ip_vs.h
@@ -128,6 +128,7 @@
 enum {
 IP_VS_CONN_F_TUNNEL_TYPE_IPIP = 0, /* IPIP */
 IP_VS_CONN_F_TUNNEL_TYPE_GUE, /* GUE */
+ IP_VS_CONN_F_TUNNEL_TYPE_GRE, /* GRE */
 IP_VS_CONN_F_TUNNEL_TYPE_MAX,
 };
diff --git a/include/uapi/linux/netfilter/nf_SYNPROXY.h b/include/uapi/linux/netfilter/nf_synproxy.h
index 068d1b3a6f06..6f3791c8946f 100644
--- a/include/uapi/linux/netfilter/nf_SYNPROXY.h
+++ b/include/uapi/linux/netfilter/nf_synproxy.h
@@ -9,6 +9,10 @@
 #define NF_SYNPROXY_OPT_SACK_PERM 0x04
 #define NF_SYNPROXY_OPT_TIMESTAMP 0x08
 #define NF_SYNPROXY_OPT_ECN 0x10
+#define NF_SYNPROXY_OPT_MASK (NF_SYNPROXY_OPT_MSS | \
+ NF_SYNPROXY_OPT_WSCALE | \
+ NF_SYNPROXY_OPT_SACK_PERM | \
+ NF_SYNPROXY_OPT_TIMESTAMP)
 struct nf_synproxy_info {
 __u8 options;
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index c6c8ec5c7c00..0e3462dfb182 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -795,6 +795,8 @@ enum nft_exthdr_attributes {
 * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
 * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
 * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_BRI_IIFPVID: packet input bridge port pvid
+ * @NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto
 */
 enum nft_meta_keys {
 NFT_META_LEN,
@@ -825,6 +827,8 @@ enum nft_meta_keys {
 NFT_META_SECPATH,
 NFT_META_IIFKIND,
 NFT_META_OIFKIND,
+ NFT_META_BRI_IIFPVID,
+ NFT_META_BRI_IIFVPROTO,
 };
 /**
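Review bot: In the nf_synproxy.h hunk, `NF_SYNPROXY_OPT_MASK` leaves out `NF_SYNPROXY_OPT_ECN` (0x10), which is defined on the line directly above it, and nothing says whether that is deliberate. Because this is a uapi header, readers will take the mask as the complete set of valid option bits. If kernel code rejects or strips bits outside the mask (that code is not part of this diff), ECN would be affected on that path. I would add a comment above the define, for example `/* Option bits userspace may request; NF_SYNPROXY_OPT_ECN is not part of the mask */`, or add ECN to the mask if the omission is an oversight.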
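Review bot: In the nf_tables.h hunk at `@@ -795`, the two new kernel-doc lines give no width or byte order for the values they describe. `NFT_META_BRI_IIFVPROTO` is a VLAN protocol, which is usually carried in network byte order, so a ruleset author comparing it against a constant needs that stated; the actual representation cannot be told from this diff. Once confirmed, I would write something like `@NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto (16 bits, network byte order)` and give the width of the pvid in the same way. The comment block starts outside the hunk, and the matching enum additions are in the `@@ -825` hunk.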
@@ -1552,6 +1556,22 @@ enum nft_osf_flags {
 };
 /**
+ * enum nft_synproxy_attributes - nf_tables synproxy expression netlink attributes
+ *
+ * @NFTA_SYNPROXY_MSS: mss value sent to the backend (NLA_U16)
+ * @NFTA_SYNPROXY_WSCALE: wscale value sent to the backend (NLA_U8)
+ * @NFTA_SYNPROXY_FLAGS: flags (NLA_U32)
+ */
+enum nft_synproxy_attributes {
+ NFTA_SYNPROXY_UNSPEC,
+ NFTA_SYNPROXY_MSS,
+ NFTA_SYNPROXY_WSCALE,
+ NFTA_SYNPROXY_FLAGS,
+ __NFTA_SYNPROXY_MAX,
+};
+#define NFTA_SYNPROXY_MAX (__NFTA_SYNPROXY_MAX - 1)
+
+/**
 * enum nft_device_attributes - nf_tables device netlink attributes
 *
 * @NFTA_DEVICE_NAME: name of this device (NLA_STRING)
diff --git a/include/uapi/linux/netfilter/xt_SYNPROXY.h b/include/uapi/linux/netfilter/xt_SYNPROXY.h
index 4d5611d647df..19c04ed86172 100644
--- a/include/uapi/linux/netfilter/xt_SYNPROXY.h
+++ b/include/uapi/linux/netfilter/xt_SYNPROXY.h
@@ -2,7 +2,7 @@
 #ifndef _XT_SYNPROXY_H
 #define _XT_SYNPROXY_H
-#include <linux/netfilter/nf_SYNPROXY.h>
+#include <linux/netfilter/nf_synproxy.h>
 #define XT_SYNPROXY_OPT_MSS NF_SYNPROXY_OPT_MSS
 #define XT_SYNPROXY_OPT_WSCALE NF_SYNPROXY_OPT_WSCALE |
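Review bot: In the nf_tables.h hunk at `@@ -1552`, `@NFTA_SYNPROXY_FLAGS: flags (NLA_U32)` does not say which flag namespace applies. The attribute is 32 bits wide while `struct nf_synproxy_info` stores `__u8 options` (visible as context in the nf_synproxy.h hunk), so the netlink parser has to reject out-of-range bits rather than silently truncate them; that parser is not in this diff. I would write `@NFTA_SYNPROXY_FLAGS: NF_SYNPROXY_OPT_* flags, limited to NF_SYNPROXY_OPT_MASK (NLA_U32)`. The mss and wscale lines would also benefit from stating the accepted value range, since both come straight from userspace.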