Florian Westphal (1): netfilter: nf_tables: use net_generic infra for transaction data
Lu Wei (7): Revert "netfilter: nf_tables: unbind non-anonymous set if rule construction fails" Revert "netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR" Revert "netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain" Revert "netfilter: nf_tables: fix chain binding transaction logic" Revert "netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE" Revert "netfilter: nf_tables: skip bound chain on rule flush" Revert "netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID"
Pablo Neira Ayuso (11): netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: fix chain binding transaction logic netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: reject unbound chain set before commit phase netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: drop map element references from preparation phase netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR netfilter: nf_tables: skip bound chain on rule flush netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
include/net/netfilter/nf_tables.h | 18 +- include/net/netns/nftables.h | 14 +- net/netfilter/nf_tables_api.c | 534 +++++++++++++++++++++--------- net/netfilter/nf_tables_offload.c | 30 +- net/netfilter/nft_chain_filter.c | 11 +- net/netfilter/nft_dynset.c | 6 +- net/netfilter/nft_set_bitmap.c | 5 +- net/netfilter/nft_set_hash.c | 23 +- net/netfilter/nft_set_pipapo.c | 14 +- net/netfilter/nft_set_rbtree.c | 5 +- 10 files changed, 458 insertions(+), 202 deletions(-)