Merge tag 'nf-next-2023-05-18' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next

Florian Westphal says:

====================
Netfilter updates for net-next

nftables updates:

1. Allow key existence checks with maps.
   At the moment the kernel requires userspace to pass a destination
   register for the associated value, make this optional so userspace
   can query if the key exists, just like with normal sets.

2. nftables maintains a counter per set that holds the number of
   elements.  This counter gets decremented on element removal,
   but its only incremented if the set has a upper maximum value.
   Increment unconditionally, this will allow us to update the
   maximum value later on.

3. At DCCP option maching, from Jeremy Sowden.

4. use struct_size macro, from Christophe JAILLET.

Conntrack:

5. Squash holes in struct nf_conntrack_expect, also Christophe JAILLET.

6. Allow clash resolution for GRE Protocol to avoid a packet drop,
   from Faicker Mo.

Flowtable:

Simplify route logic and split large functions into smaller
chunks, from Pablo Neira Ayuso.

* tag 'nf-next-2023-05-18' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: flowtable: split IPv6 datapath in helper functions
  netfilter: flowtable: split IPv4 datapath in helper functions
  netfilter: flowtable: simplify route logic
  netfilter: conntrack: allow insertion clash of gre protocol
  netfilter: nft_set_pipapo: Use struct_size()
  netfilter: Reorder fields in 'struct nf_conntrack_expect'
  netfilter: nft_exthdr: add boolean DCCP option matching
  netfilter: nf_tables: always increment set element count
  netfilter: nf_tables: relax set/map validation checks
====================

Link: https://lore.kernel.org/r/20230518100759.84858-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

0 files changed, 0 insertions, 0 deletions