v2: including fixes from Florian to address selftest issues
and a fix for set element count and type.
-o-
Hi,
The following batch contains Netfilter updates for net-next:
1) Replace msecs_to_jiffies() by secs_to_jiffies(), from Easwar Hariharan.
2) Allow to compile xt_cgroup with cgroupsv2 support only,
from Michal Koutny.
3) Prepare for sock_cgroup_classid() removal by wrapping it around
ifdef, also from Michal Koutny.
4) Disable xtables legacy with PREEMPT_RT, from Sebastian Andrzej Siewior
and Florian Westphal.
5) Remove redundant pointer fetch on conntrack template, from Xuanqiang Luo.
6) Re-format one block in the tproxy documentation for consistency,
from Chen Linxuan.
7) Expose set element count and type via netlink attributes,
from Florian Westphal.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-25-04-24
Thanks.
----------------------------------------------------------------
The following changes since commit bef4f1156b74721b7d111114538659031119b6f2:
net: phy: marvell-88q2xxx: Enable temperature sensor for mv88q211x (2025-04-24 13:19:51 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-04-24
for you to fetch changes up to 67587b4843ea66166d7fd4d785951734014e5a2c:
netfilter: nf_tables: export set count and backend name to userspace (2025-04-24 22:05:41 +0200)
----------------------------------------------------------------
netfilter pull request 25-04-24
----------------------------------------------------------------
Chen Linxuan (1):
docs: tproxy: fix formatting for nft code block
Easwar Hariharan (1):
netfilter: xt_IDLETIMER: convert timeouts to secs_to_jiffies()
Florian Westphal (1):
netfilter: nf_tables: export set count and backend name to userspace
Michal Koutný (2):
netfilter: xt_cgroup: Make it independent from net_cls
net: cgroup: Guard users of sock_cgroup_classid()
Pablo Neira Ayuso (1):
netfilter: Exclude LEGACY TABLES on PREEMPT_RT.
Xuanqiang Luo (1):
netfilter: conntrack: Remove redundant NFCT_ALIGN call
Documentation/networking/tproxy.rst | 4 ++--
include/uapi/linux/netfilter/nf_tables.h | 4 ++++
net/Kconfig | 10 ++++++++++
net/bridge/netfilter/Kconfig | 8 ++++----
net/ipv4/inet_diag.c | 2 +-
net/ipv4/netfilter/Kconfig | 15 ++++++++-------
net/ipv6/netfilter/Kconfig | 13 +++++++------
net/netfilter/Kconfig | 2 +-
net/netfilter/nf_conntrack_core.c | 4 +---
net/netfilter/nf_tables_api.c | 26 ++++++++++++++++++++++++++
net/netfilter/x_tables.c | 16 +++++++++++-----
net/netfilter/xt_IDLETIMER.c | 12 ++++++------
net/netfilter/xt_TCPOPTSTRIP.c | 4 ++--
net/netfilter/xt_cgroup.c | 26 ++++++++++++++++++++++++++
net/netfilter/xt_mark.c | 2 +-
tools/testing/selftests/net/config | 11 +++++++++++
tools/testing/selftests/net/netfilter/config | 5 +++++
17 files changed, 126 insertions(+), 38 deletions(-)
