[PATCH net-next 00/19] Netfilter/IPVS updates for net-next

[Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>]

Hi,

The following series contains Netfilter/IPVS updates for net-next:

1) Display netns inode in conntrack table full log, from lvxiafei.

2) Autoload nf_log_syslog in case no logging backend is available,
   from Lance Yang.

3) Three patches to remove unused functions in x_tables, nf_tables and
   conntrack. From Yue Haibing.

4) Exclude LEGACY TABLES on PREEMPT_RT: Add NETFILTER_XTABLES_LEGACY
   to exclude xtables legacy infrastructure.

5) Restore selftests by toggling NETFILTER_XTABLES_LEGACY where needed.
   From Florian Westphal.

6) Use CONFIG_INET_SCTP_DIAG in tools/testing/selftests/net/netfilter/config,
   from Sebastian Andrzej Siewior.

7) Use timer_delete in comment in IPVS codebase, from WangYuli.

8) Dump flowtable information in nfnetlink_hook, this includes an initial
   patch to consolidate common code in helper function, from Phil Sutter.

9) Remove unused arguments in nft_pipapo set backend, from Florian Westphal.

10) Return nft_set_ext instead of boolean in set lookup function,
    from Florian Westphal.

11) Remove indirection in dynamic set infrastructure, also from Florian.

12) Consolidate pipapo_get/lookup, from Florian.

13) Use kvmalloc in nft_pipapop, from Florian Westphal.

14) syzbot reports slab-out-of-bounds in xt_nfacct log message,
    fix from Florian Westphal.

15) Ignored tainted kernels in selftest nft_interface_stress.sh,
    from Phil Sutter.

16) Fix IPVS selftest by disabling rp_filter with ipip tunnel device,
    from Yi Chen.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-25-07-25

Thanks.

----------------------------------------------------------------

The following changes since commit faa60990a5414e5a1957adc9434ca0e804ad700b:

  Merge branch 'selftests-drv-net-fix-and-improve-command-requirement-checking' (2025-07-24 18:52:03 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-07-25

for you to fetch changes up to 8b4a1a46e84a17f5d6fde5c506cc6bb141a24772:

  selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0 (2025-07-25 18:41:04 +0200)

----------------------------------------------------------------
netfilter pull request 25-07-25

----------------------------------------------------------------
Florian Westphal (7):
      selftests: net: Enable legacy netfilter legacy options.
      netfilter: nft_set_pipapo: remove unused arguments
      netfilter: nft_set: remove one argument from lookup and update functions
      netfilter: nft_set: remove indirection from update API call
      netfilter: nft_set_pipapo: merge pipapo_get/lookup
      netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps
      netfilter: xt_nfacct: don't assume acct name is null-terminated

Lance Yang (1):
      netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid

Pablo Neira Ayuso (1):
      netfilter: Exclude LEGACY TABLES on PREEMPT_RT.

Phil Sutter (3):
      netfilter: nfnetlink: New NFNLA_HOOK_INFO_DESC helper
      netfilter: nfnetlink_hook: Dump flowtable info
      selftests: netfilter: Ignore tainted kernels in interface stress test

Sebastian Andrzej Siewior (1):
      selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG

WangYuli (1):
      ipvs: Rename del_timer in comment in ip_vs_conn_expire_now()

Yi Chen (1):
      selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0

Yue Haibing (3):
      netfilter: x_tables: Remove unused functions xt_{in|out}name()
      netfilter: nf_tables: Remove unused nft_reduce_is_readonly()
      netfilter: conntrack: Remove unused net in nf_conntrack_double_lock()

lvxiafei (1):
      netfilter: conntrack: table full detailed log

 include/linux/netfilter.h                          |   1 +
 include/linux/netfilter/x_tables.h                 |  10 -
 include/net/netfilter/nf_log.h                     |   3 +
 include/net/netfilter/nf_tables.h                  |  19 +-
 include/net/netfilter/nf_tables_core.h             |  50 +++--
 include/uapi/linux/netfilter/nfnetlink_hook.h      |   2 +
 net/bridge/netfilter/Kconfig                       |  10 +-
 net/ipv4/netfilter/Kconfig                         |  24 +--
 net/ipv6/netfilter/Kconfig                         |  19 +-
 net/netfilter/Kconfig                              |  10 +
 net/netfilter/ipvs/ip_vs_conn.c                    |   2 +-
 net/netfilter/nf_conntrack_core.c                  |  16 +-
 net/netfilter/nf_conntrack_standalone.c            |  26 ++-
 net/netfilter/nf_log.c                             |  26 +++
 net/netfilter/nf_tables_api.c                      |  24 +--
 net/netfilter/nfnetlink_hook.c                     |  76 ++++++--
 net/netfilter/nft_dynset.c                         |  10 +-
 net/netfilter/nft_lookup.c                         |  27 +--
 net/netfilter/nft_objref.c                         |   5 +-
 net/netfilter/nft_set_bitmap.c                     |  11 +-
 net/netfilter/nft_set_hash.c                       |  54 +++---
 net/netfilter/nft_set_pipapo.c                     | 204 +++++++--------------
 net/netfilter/nft_set_pipapo_avx2.c                |  26 +--
 net/netfilter/nft_set_rbtree.c                     |  40 ++--
 net/netfilter/x_tables.c                           |  16 +-
 net/netfilter/xt_nfacct.c                          |   4 +-
 tools/testing/selftests/bpf/config                 |   1 +
 tools/testing/selftests/hid/config.common          |   1 +
 tools/testing/selftests/net/config                 |  11 ++
 tools/testing/selftests/net/mptcp/config           |   2 +
 tools/testing/selftests/net/netfilter/config       |   7 +-
 tools/testing/selftests/net/netfilter/ipvs.sh      |   4 +-
 .../net/netfilter/nft_interface_stress.sh          |   5 +-
 .../testing/selftests/wireguard/qemu/kernel.config |   4 +
 34 files changed, 402 insertions(+), 348 deletions(-)