linux/include/net
Jakub Kicinski 2ab02ac411 netfilter pull request 26-05-01

Merge tag 'nf-26-05-01' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following batch contains Netfilter fixes for net:

1) Replace skb_try_make_writable() by skb_ensure_writable() in
   nft_fwd_netdev and the flowtable to deal with uncloned packets
   having their network header in paged fragments.

2) Drop packet if output device does not exist and ensure sufficient
   headroom in nft_fwd_netdev before transmitting the skb.

3) Use the existing dup recursion counter in nft_fwd_netdev for the
   neigh_xmit variant, from Weiming Shi.

4) Add .check_hooks interface to x_tables to detach the control plane
   hook check based on the match/target configuration. Then, update
   nft_compat to use .check_hooks from .validate path, this fixes a
   lack of hook validation for several match/targets.

5) Fix incorrect .usersize in xt_CT, from Florian Westphal.

6) Fix a memleak with netdev tables in dormant state,
   from Florian Westphal.

7) Several patches to check if the packet is a fragment, then skip
   layer 4 inspection, for x_tables and nf_tables; as well as common
   nf_socket infrastructure. The xt_hashlimit match drops fragments
   to stay consistent with the existing approach when failing to parse
   the layer 4 protocol header.

8) Ensure sufficient headroom in the flowtable before transmitting
   the skb.

9) Fix the flowtable inline vlan approach for double-tagged vlan:
   Reverse the iteration over .encap[] since it represents the
   encapsulation as seen from the ingress path. Postpone pushing
   layer 2 header so output device is available to calculate needed
   headroom. Finally, add and use nf_flow_vlan_push() to fix it.

10) Fix flowtable inline pppoe with GSO packets. Moreover, use
    FLOW_OFFLOAD_XMIT_DIRECT to fill up destination hardware
    address since neighbour cache does not exist in pppoe.

11) Use skb_pull_rcsum() to decapsulate vlan and pppoe headers, for
    double-tagged vlan in particular this should provide some benefits
    in certain scenarios.

More notes regarding 9-11):

- sashiko is also signalling to use it for IPIP headers, but that needs
  more adjustments such as setting skb->protocol after removing the IPIP
  header, will follow up in a separate patch.
- I plan to submit selftests to cover double-tagged-vlan. As for pppoe,
  it should be possible but that would mandate a few userspace dependencies.
  This has been semi-automatically tested by me and reporters describing
  broken double-vlan-tagged and pppoe currently in the flowtable.

* tag 'nf-26-05-01' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: flowtable: use skb_pull_rcsum() to pop vlan/pppoe header
  netfilter: flowtable: fix inline pppoe encapsulation in xmit path
  netfilter: flowtable: fix inline vlan encapsulation in xmit path
  netfilter: flowtable: ensure sufficient headroom in xmit path
  netfilter: xtables: fix L4 header parsing for non-first fragments
  netfilter: nf_tables: skip L4 header parsing for non-first fragments
  netfilter: nf_socket: skip socket lookup for non-first fragments
  netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables
  netfilter: xt_CT: fix usersize for v1 and v2 revision
  netfilter: nft_compat: run xt_check_hooks_{match,target}() from .validate
  netfilter: x_tables: add .check_hooks to matches and targets
  netfilter: nft_fwd_netdev: use recursion counter in neigh egress path
  netfilter: nft_fwd_netdev: add device and headroom validate with neigh forwarding
  netfilter: replace skb_try_make_writable() by skb_ensure_writable()
====================

Link: https://patch.msgid.link/20260501122237.296262-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-01 16:45:42 -07:00
..
9p 9p: document missing enum values in kernel-doc comments 2026-04-16 02:57:01 +00:00
bluetooth Bluetooth: hci.h: Avoid a couple -Wflex-array-member-not-at-end warnings 2026-04-13 09:19:42 -04:00
iucv treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
libeth libeth, idpf: use truesize as XDP RxQ info frag_size 2026-03-05 08:02:05 -08:00
mana RDMA v7.1 merge window 2026-04-20 11:20:35 -07:00
netfilter netfilter: flowtable: fix inline pppoe encapsulation in xmit path 2026-05-01 01:24:01 +02:00
netns Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
nfc nfc: nci: Fix race between rfkill and nci_unregister_device(). 2026-01-28 19:32:26 -08:00
page_pool net: Slightly simplify net_mp_{open,close}_rxq 2026-04-09 18:21:46 -07:00
phonet phonet: Convert phonet_routes.lock to spinlock_t. 2024-10-24 16:03:40 +02:00
phy net: phy: realtek: add dummy PHY driver for RTL8127ATF 2026-01-12 19:29:11 -08:00
psp psp: add stats from psp spec to driver facing api 2025-11-07 18:53:57 -08:00
sctp sctp: Remove unused declaration sctp_auth_init_hmacs() 2025-11-14 18:00:34 -08:00
tc_act net/sched: act_ife: Fix metalist update behavior 2026-03-05 07:54:08 -08:00
6lowpan.h
act_api.h net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks 2026-02-27 19:06:21 -08:00
addrconf.h ipv6: addrconf: reduce default temp_valid_lft to 2 days 2026-02-17 17:12:06 -08:00
af_ieee802154.h
af_rxrpc.h rxrpc: Remove deadcode 2025-04-24 17:03:45 -07:00
af_unix.h af_unix: Introduce SO_INQ. 2025-07-08 18:05:25 -07:00
af_vsock.h vsock: add G2H fallback for CIDs not owned by H2G transport 2026-03-12 10:59:36 +01:00
ah.h
aligned_data.h udp: move udp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
amt.h
arp.h
ax25.h net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
ax88796.h
bareudp.h
bond_3ad.h bonding: 3ad: implement proper RCU rules for port->aggregator 2026-04-29 18:32:02 -07:00
bond_alb.h
bond_options.h bonding: add support for per-port LACP actor priority 2025-09-09 10:56:02 +02:00
bonding.h bonding: remove unused bond_is_first_slave and bond_is_last_slave macros 2026-04-08 19:07:08 -07:00
bpf_sk_storage.h
busy_poll.h net: gro: decouple GRO from the NAPI layer 2025-02-27 14:03:14 +01:00
calipso.h
can.h can: add CAN skb extension infrastructure 2026-02-05 11:58:39 +01:00
cfg80211-wext.h
cfg80211.h wifi: nl80211: Add a notification to notify NAN channel evacuation 2026-03-25 20:56:55 +01:00
cfg802154.h
checksum.h net: Fix checksum update for ILA adj-transport 2025-05-30 19:53:51 -07:00
cipso_ipv4.h
cls_cgroup.h net/cls_cgroup: Fix task_get_classid() during qdisc run 2025-09-14 11:55:04 -07:00
codel_impl.h codel: annotate data-races in codel_dump_stats() 2026-04-08 19:18:52 -07:00
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: Add port-level resource registration infrastructure 2026-04-08 19:55:38 -07:00
dropreason-core.h ipv6: Implement limits on extension header parsing 2026-04-30 17:21:45 -07:00
dropreason-qdisc.h net: sched: sch_dualpi2: use qdisc_dequeue_drop() for dequeue drops 2026-02-28 15:31:35 -08:00
dropreason.h net: sched: introduce qdisc-specific drop reason tracing 2026-02-28 15:31:34 -08:00
dsa_stubs.h
dsa.h net: dsa: add bridge member iteration macro 2026-04-06 18:30:33 -07:00
dscp.h
dsfield.h
dst_cache.h
dst_metadata.h net: dst_metadata: fix IP_DF bit not extracted from tunnel headers 2025-09-14 14:28:12 -07:00
dst_ops.h
dst.h inet: add dst4_mtu() and dst6_mtu() helpers 2026-02-02 17:49:29 -08:00
eee.h net: simplify eeecfg_mac_can_tx_lpi 2024-11-13 18:49:50 -08:00
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
firewire.h
flow_dissector.h
flow_offload.h net: dsa: eliminate local type for tc policers 2026-02-10 15:30:11 +01:00
flow.h ipv4: Convert ->flowi4_tos to dscp_t. 2025-08-26 17:34:31 -07:00
fou.h
fq_impl.h Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
fq.h
garp.h
gen_stats.h
genetlink.h genetlink: fix typo in comment 2025-09-03 15:16:49 -07:00
geneve.h
gre.h
gro_cells.h
gro.h gro: inline tcp6_gro_complete() 2026-01-21 19:28:32 -08:00
gso.h
gtp.h
gue.h
handshake.h
hotdata.h net-sysfs: use rps_tag_ptr and remove metadata from rps_sock_flow_table 2026-03-04 16:54:09 -08:00
hwbm.h
icmp.h ipv4: icmp: Pass IPv4 control block structure as an argument to __icmp_send() 2025-09-11 12:22:38 +02:00
ieee8021q.h
ieee80211_radiotap.h wifi: mac80211: add RX flag to report radiotap VHT information 2025-10-30 08:38:51 +01:00
ieee802154_netdev.h
if_inet6.h
ife.h
inet_common.h net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
inet_connection_sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-02-26 10:23:00 -08:00
inet_dscp.h ipv4: Convert ->flowi4_tos to dscp_t. 2025-08-26 17:34:31 -07:00
inet_ecn.h tcp: ECT_1_NEGOTIATION and NEEDS_ACCECN identifiers 2026-02-03 15:13:24 +01:00
inet_frag.h inet: frags: flush pending skbs in fqdir_pre_exit() 2025-12-10 01:15:27 -08:00
inet_hashtables.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-26 12:09:57 -07:00
inet_sock.h ipv6: colocate inet6_cork in inet_cork_full 2026-02-02 17:49:30 -08:00
inet_timewait_sock.h tcp: Update bind bucket state on port release 2025-09-23 10:12:15 +02:00
inet6_connection_sock.h tcp: move inet6_csk_update_pmtu() to tcp_ipv6.c 2026-02-24 17:47:27 -08:00
inet6_hashtables.h tcp: Initialise ehash secrets during connect() and listen(). 2026-03-05 18:50:05 -08:00
inetpeer.h inetpeer: remove create argument of inet_getpeer() 2024-12-17 19:37:00 -08:00
ioam6.h ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() 2026-02-13 12:24:05 -08:00
ip_fib.h net: ipv4: fix ARM64 alignment fault in multipath hash seed 2026-03-03 17:20:37 -08:00
ip_tunnels.h net: increase IP_TUNNEL_RECURSION_LIMIT to 5 2026-04-03 15:52:10 -07:00
ip_vs.h ipvs: use more keys for connection hashing 2026-03-04 11:45:45 +01:00
ip.h net: remove EXPORT_IPV6_MOD() and EXPORT_IPV6_MOD_GPL() macros 2026-03-29 11:21:22 -07:00
ip6_checksum.h udp: move udp6_csum_init() back to net/ipv6/udp.c 2026-02-24 16:30:40 -08:00
ip6_fib.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
ip6_route.h ipv6: prepare headers for ipv6_stub removal 2026-03-29 11:21:23 -07:00
ip6_tunnel.h net: dropreason: add SKB_DROP_REASON_RECURSION_LIMIT 2026-03-14 08:38:06 -07:00
ipcomp.h xfrm: ipcomp: Use crypto_acomp interface 2025-03-21 17:36:49 +08:00
ipconfig.h
ipv6_frag.h inet: frags: flush pending skbs in fqdir_pre_exit() 2025-12-10 01:15:27 -08:00
ipv6.h ipv6: Implement limits on extension header parsing 2026-04-30 17:21:45 -07:00
iw_handler.h
kcm.h net: kcm: Fix race condition in kcm_unattach() 2025-08-13 18:18:33 -07:00
l3mdev.h net: l3mdev: use skb_dst_dev_rcu() in l3mdev_l3_out() 2026-02-02 17:09:11 -08:00
lag.h
lapb.h net: lapb: increase LAPB_HEADER_LEN 2024-12-06 17:43:08 -08:00
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h net: dst: annotate data-races around dst->output 2025-07-02 14:32:30 -07:00
mac80211.h wifi: mac80211: add NAN peer schedule support 2026-04-07 15:36:03 +02:00
mac802154.h
macsec.h net: macsec: Add endianness annotations in salt struct 2025-01-20 12:20:42 +00:00
mctp.h net: mctp: fix don't require received header reserved bits to be zero 2026-04-20 11:46:57 -07:00
mctpdevice.h net: mctp: Expose transport binding identifier via IFLA attribute 2024-11-09 09:04:54 -08:00
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mptcp.h mptcp: sched: remove mptcp_sched_data 2025-04-15 08:21:46 -07:00
mrp.h
ncsi.h
ndisc.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
neighbour_tables.h neighbour: Create netdev->neighbour association 2024-11-09 13:22:57 -08:00
neighbour.h neighbour: Convert rwlock of struct neigh_table to spinlock. 2025-10-24 17:57:20 -07:00
net_debug.h Kbuild updates for v6.13 2024-11-30 13:41:50 -08:00
net_failover.h
net_namespace.h kernfs: pass struct ns_common instead of const void * for namespace tags 2026-04-09 14:36:52 +02:00
net_ratelimit.h
net_shaper.h
net_trackers.h
netdev_lock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-05-22 09:42:41 -07:00
netdev_netlink.h net: add granular lock for the netdev netlink socket 2025-03-12 13:32:35 -07:00
netdev_queues.h net: Proxy netdev_queue_get_dma_dev for leased queues 2026-04-09 18:21:46 -07:00
netdev_rx_queue.h net: remove the netif_get_rx_queue_lease_locked() helpers 2026-04-09 18:26:28 -07:00
netevent.h
netkit.h
netlabel.h Networking changes for 6.13. 2024-11-21 08:28:08 -08:00
netlink.h netlink: add a nla_nest_end_safe() helper 2026-04-12 11:23:50 -07:00
netmem.h net: add net_iov_init() and use it to initialize ->page_type 2026-04-29 16:40:08 -07:00
netprio_cgroup.h
nexthop.h ipv6: Protect nh->f6i_list with spinlock and flag. 2025-04-24 09:29:56 +02:00
nl802154.h nl802154: fix some kernel-doc warnings 2025-10-20 17:13:40 -07:00
nsh.h
pfcp.h net: pfcp: fix typo in message_priority field name 2025-06-13 18:17:08 -07:00
pie.h net/sched: sch_pie: annotate data-races in pie_dump_stats() 2026-04-22 21:12:47 -07:00
ping.h net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
pkt_cls.h net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() 2025-11-24 18:53:14 -08:00
pkt_sched.h net/sched: don't use dynamic lockdep keys with clsact/ingress/noqueue 2026-02-05 09:32:45 -08:00
pptp.h
proto_memory.h net: Allow opt-out from global protocol memory accounting. 2025-10-16 12:04:47 -07:00
protocol.h
psample.h
psnap.h
psp.h psp: base PSP device support 2025-09-18 12:32:06 +02:00
raw.h net: use NUMA drop counters for softnet_data.dropped 2025-09-14 11:35:17 -07:00
rawv6.h
red.h
regulatory.h
request_sock.h tcp: move __reqsk_free() out of line 2026-02-05 09:23:06 -08:00
rose.h net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
route.h net: use dst_dev_rcu() in sk_setup_caps() 2025-08-29 19:36:32 -07:00
rpl.h
rps-types.h net: add rps_tag_ptr type and helpers 2026-03-04 16:54:09 -08:00
rps.h net-sysfs: use rps_tag_ptr and remove metadata from rps_dev_flow_table 2026-03-04 16:54:10 -08:00
rsi_91x.h
rstreason.h net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
rtnetlink.h rtnetlink: Remove "net" from newlink params 2025-02-21 15:28:03 -08:00
rtnh.h
sch_generic.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
sch_priv.h net/sched: Export mq functions for reuse 2026-01-13 11:54:29 +01:00
scm.h af_unix/scm: fix whitespace errors 2025-07-04 09:32:35 +02:00
secure_seq.h tcp: secure_seq: add back ports to TS offset 2026-03-04 17:44:35 -08:00
seg6_hmac.h ipv6: sr: Prepare HMAC key ahead of time 2025-08-26 18:11:29 -07:00
seg6_local.h
seg6.h
selftests.h net: selftests: export packet creation helpers for driver use 2025-11-06 13:38:11 +01:00
slhc_vj.h
smc.h net/smc: bpf: Introduce generic hook for handshake flow 2025-11-10 11:19:41 -08:00
snmp.h net: snmp: remove SNMP_MIB_SENTINEL 2025-09-08 18:06:21 -07:00
sock_reuseport.h
sock.h Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
Space.h drivers: net: 8390: wd80x3: Remove this driver 2026-04-23 15:57:10 -07:00
stp.h
strparser.h strparser: Remove unused __strp_unpause 2025-05-05 16:48:12 -07:00
switchdev.h bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tc_wrapper.h net/sched: refine indirect call mitigation in tc_wrapper.h 2026-03-09 19:31:41 -07:00
tcp_ao.h tcp: Free TCP-AO/TCP-MD5 info/keys without RCU 2025-09-11 19:05:56 -07:00
tcp_ecn.h tcp: annotate data-races around tp->delivered and tp->delivered_ce 2026-04-18 11:10:12 -07:00
tcp_states.h
tcp.h tcp: add data-races annotations around tp->reordering, tp->snd_cwnd 2026-04-18 11:10:12 -07:00
tcx.h bpf: Remove location field in tcx_link 2025-07-11 11:00:57 -07:00
timewait_sock.h tcp: Remove timewait_sock_ops.twsk_destructor(). 2025-08-25 17:53:35 -07:00
tipc.h
tls_prot.h
tls_toe.h
tls.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-31 06:46:03 -07:00
transp_v6.h ipv6: Retire UDP-Lite. 2026-03-13 18:57:44 -07:00
tso.h net: tso: Introduce tso_dma_map and helpers 2026-04-12 10:54:31 -07:00
tun_proto.h
udp_tunnel.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
udp.h udp: Don't pass udptable to IPv4 socket lookup functions. 2026-03-13 18:57:46 -07:00
vsock_addr.h net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
vxlan.h vxlan: Support MC routing in the underlay 2025-06-17 18:18:46 -07:00
wext.h
x25.h net/x25: Remove unused x25_terminate_link() 2025-07-14 17:19:13 -07:00
x25device.h
xdp_priv.h
xdp_sock_drv.h xsk: respect tailroom for ZC setups 2026-04-06 18:43:51 -07:00
xdp_sock.h xsk: fix XDP_UMEM_SG_FLAG issues 2026-04-06 18:43:51 -07:00
xdp.h bpf-next-for-netdev 2025-09-24 10:22:37 -07:00
xfrm.h xfrm: reduce struct sec_path size 2026-02-10 20:21:48 -08:00
xsk_buff_pool.h xsk: remove repeated defines 2026-03-16 19:28:21 -07:00