4138413660
Pablo Neira Ayuso says: ==================== connection tracking support for bridge This patchset adds native connection tracking support for the bridge. Patch #1 and #2 extract code from IPv4/IPv6 fragmentation core and introduce the fraglist splitter. That splits a skbuff fraglist into independent fragments. Patch #3 and #4 also extract code from IPv4/IPv6 fragmentation core and introduce the skbuff into fragments transformer. This can be used by linearized skbuffs (eg. coming from nfqueue and ct helpers) as well as cloned skbuffs (that are either seen either with taps or with bridge port flooding). Patch #5 moves the specific IPCB() code from these new fragment splitter/transformer APIs into the IPv4 stack. The bridge has a different control buffer layout and it starts using this new APIs in this patchset. Patch #6 adds basic infrastructure that allows to register bridge conntrack support. Patch #7 adds bridge conntrack support (only for IPv4 in this patch). Patch #8 adds IPv6 support for the bridge conntrack support. Patch #9 registers the IPv4/IPv6 conntrack hooks in case the bridge conntrack is used to deal with local traffic, ie. prerouting -> input bridge hook path. This cover the bridge interface has a IP address scenario. Before this patchset, only chance for people to do stateful filtering is to use the `br_netfilter` emulation layer, that turns bridge frame into IPv4/IPv6 packets and inject them into the IPv4/IPv6 hooks. Apparently, this module allows users to use iptables and all of its feature-set from the bridge, including stateful filtering. However, this approach is flawed in many aspects that have been discussed many times. This is a step forward to deprecate `br_netfilter'. v2: Fix English typo in commit message. v3: Fix another English typo in commit message. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| Documentation | ||
| LICENSES | ||
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| ipc | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | ||
| .cocciconfig | ||
| .get_maintainer.ignore | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| COPYING | ||
| CREDITS | ||
| Kbuild | ||
| Kconfig | ||
| MAINTAINERS | ||
| Makefile | ||
| README | ||
README
Linux kernel
============
There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.
In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``. The formatted documentation can also be read online at:
https://www.kernel.org/doc/html/latest/
There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.