See https://jira.sw.ru/browse/PSBM-127783

Andrey Ryabinin (1):
  netfilter/x_tables: account entry offsets allocations

Kirill Tkhai (5):
  ve/netfilter: Implement pernet net->ct.max / virtualize "nf_conntrack_max" sysctl
  ve/netfilter: Add autoloading of sockopt modules
  ve/netfilter: Check for permittions while looking for target and match
  net: Mark conntrack users in xtables
  net: Mark conntrack users in nftables

Konstantin Khorenko (2):
  ve/netfilter: Implement pernet expect_max / virtualize "net.netfilter.nf_conntrack_expect_max" sysctl
  ve/netfilter/cred: add ve_capable to check capabilities relative to the current VE (v2)

Pavel Tikhomirov (1):
  ve/netlink: allow messages with family PF_BRIDGE type RTM_xxxNEIGH in CT

Stanislav Kinsburskiy (5):
  ve/netfilter: Basic ve transformations
  ve/nf_conntrack: expose "nf_conntrack_max" in containers
  ve/nf_conntrack: expose "nf_conntrack_acct" in contaners
  ve/nf_conntrack: expose "nf_conntrack_events*" in contaners
  net: Primitives to enable conntrack allocation

 include/linux/netfilter/x_tables.h          |  17 ++++
 include/linux/ve.h                          |   4 +-
 include/net/net_namespace.h                 |  10 ++
 include/net/netfilter/nf_conntrack_expect.h |   1 -
 include/net/netns/conntrack.h               |   4 +
 kernel/ve/ve.c                              |  98 ++++++++++---------
 net/core/rtnetlink.c                        |   4 +-
 net/ipv4/netfilter/ip_tables.c              |  27 ++++--
 net/ipv4/netfilter/ipt_CLUSTERIP.c          |   2 +
 net/ipv4/netfilter/ipt_MASQUERADE.c         |   6 +-
 net/ipv4/netfilter/ipt_REJECT.c             |   4 +-
 net/ipv4/netfilter/ipt_SYNPROXY.c           |   2 +
 net/ipv6/netfilter/ip6_tables.c             |  15 ++-
 net/ipv6/netfilter/ip6t_MASQUERADE.c        |   6 +-
 net/ipv6/netfilter/ip6t_SYNPROXY.c          |   2 +
 net/netfilter/nf_conntrack_acct.c           |   4 +-
 net/netfilter/nf_conntrack_core.c           |  26 +++--
 net/netfilter/nf_conntrack_ecache.c         |   3 +-
 net/netfilter/nf_conntrack_expect.c         |   7 +-
 net/netfilter/nf_conntrack_netlink.c        |   2 +-
 net/netfilter/nf_conntrack_standalone.c     |  85 ++++++++++++----
 net/netfilter/nf_sockopt.c                  |  76 ++++++++++++++-
 net/netfilter/nft_ct.c                      |   2 +
 net/netfilter/nft_nat.c                     |   6 +-
 net/netfilter/x_tables.c                    | 101 +++++++++++++-------
 net/netfilter/xt_CONNSECMARK.c              |   2 +
 net/netfilter/xt_CT.c                       |   1 +
 net/netfilter/xt_HMARK.c                    |   1 +
 net/netfilter/xt_NETMAP.c                   |  14 ++-
 net/netfilter/xt_REDIRECT.c                 |  13 ++-
 net/netfilter/xt_TCPMSS.c                   |  12 ++-
 net/netfilter/xt_cluster.c                  |   2 +
 net/netfilter/xt_connbytes.c                |   2 +
 net/netfilter/xt_connlabel.c                |   3 +-
 net/netfilter/xt_connlimit.c                |   2 +
 net/netfilter/xt_connmark.c                 |   2 +
 net/netfilter/xt_conntrack.c                |   2 +
 net/netfilter/xt_helper.c                   |   1 +
 net/netfilter/xt_ipvs.c                     |   1 +
 net/netfilter/xt_limit.c                    |   4 +-
 net/netfilter/xt_nat.c                      |  14 ++-
 net/netfilter/xt_socket.c                   |  10 ++
 net/netfilter/xt_state.c                    |   2 +
 net/socket.c                                |   2 +-
 44 files changed, 449 insertions(+), 155 deletions(-)

-- 
2.28.0

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel