kernel/linux.git/include/linux/netfilter.h, branch v5.10.185

Remove DECnet support from kernel

2023-06-21T13:45:38+00:00

commit 1202cdd665315c525b5237e96e0bedc76d7e754f upstream. DECnet is an obsolete network protocol that receives more attention from kernel janitors than users. It belongs in computer protocol history museum not in Linux kernel. It has been "Orphaned" in kernel since 2010. The iproute2 support for DECnet was dropped in 5.0 release. The documentation link on Sourceforge says it is abandoned there as well. Leave the UAPI alone to keep userspace programs compiling. This means that there is still an empty neighbour table for AF_DECNET. The table of /proc/sys/net entries was updated to match current directories and reformatted to be alphabetical. Signed-off-by: Stephen Hemminger Acked-by: David Ahern Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman

netfilter: switch nf_setsockopt to sockptr_t

2020-07-24T22:41:54+00:00

Pass a sockptr_t to prepare for set_fs-less handling of the kernel pointer from bpf-cgroup. Signed-off-by: Christoph Hellwig Signed-off-by: David S. Miller

netfilter: remove the compat_{get,set} methods

2020-07-20T01:16:40+00:00

All instances handle compat sockopts via in_compat_syscall() now, so remove the compat_{get,set} methods as well as the compat_nf_{get,set}sockopt wrappers. Signed-off-by: Christoph Hellwig Signed-off-by: David S. Miller

netfilter: add and use nf_hook_slow_list()

2019-10-17T10:20:48+00:00

At this time, NF_HOOK_LIST() macro will iterate the list and then calls nf_hook() for each individual skb. This makes it so the entire list is passed into the netfilter core. The advantage is that we only need to fetch the rule blob once per list instead of per-skb. NF_HOOK_LIST now only works for ipv4 and ipv6, as those are the only callers. v2: use skb_list_del_init() instead of list_del (Edward Cree) Signed-off-by: Florian Westphal Acked-by: Edward Cree Signed-off-by: Pablo Neira Ayuso

netfilter: remove CONFIG_NETFILTER checks from headers.

2019-09-13T10:47:36+00:00

`struct nf_hook_ops`, `struct nf_hook_state` and the `nf_hookfn` function typedef appear in function and struct declarations and definitions in a number of netfilter headers. The structs and typedef themselves are defined by linux/netfilter.h but only when CONFIG_NETFILTER is enabled. Define them unconditionally and add forward declarations in order to remove CONFIG_NETFILTER conditionals from the other headers. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso

netfilter: replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...).

2019-09-13T10:47:09+00:00

A few headers contain instances of: #if defined(CONFIG_XXX) or defined(CONFIG_XXX_MODULE) Replace them with: #if IS_ENABLED(CONFIG_XXX) Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso

netfilter: replace skb_make_writable with skb_ensure_writable

2019-05-31T16:02:48+00:00

This converts all remaining users and then removes skb_make_writable. Suggested-by: Daniel Borkmann Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

netfilter: slightly optimize nf_inet_addr_mask

2019-05-05T23:18:58+00:00

using 64bit computation to slightly optimize nf_inet_addr_mask Signed-off-by: Li RongQing Signed-off-by: Pablo Neira Ayuso

netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)

2019-04-08T21:02:52+00:00

NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is enabled. Now that the af-specific nat configuration switches have been removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

netfilter: optimize nf_inet_addr_cmp

2019-04-08T20:58:16+00:00

optimize nf_inet_addr_cmp by 64bit xor computation similar to ipv6_addr_equal() Signed-off-by: Yuan Linsi Signed-off-by: Li RongQing Signed-off-by: Pablo Neira Ayuso