From: David S. Miller
Date: Wed, 18 Jan 2023 13:19:48 +0000 (+0000)
Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next
X-Git-Tag: v6.3-rc1~162^2~264
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4218b0e2122f8bf996e695be20b66b9484c3283d;p=thirdparty%2Fkernel%2Flinux.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next

Florian Westphal says:

====================
Netfilter updates for net-next

following patch set includes netfilter updates for your *net-next* tree.

1. Replace pr_debug use with nf_log infra for debugging in sctp
   conntrack.
2. Remove pr_debug calls, they are either useless or we have better
   options in place.
3. Avoid repeated load of ct->status in some spots.
   Some bit-flags cannot change during the lifetime of
   a connection, so no need to re-fetch those.
4. Avoid unneeded nesting of rcu_read_lock during tuple lookup.
5. Remove the CLUSTERIP target. Marked as obsolete for years,
   and we still have WARN splats wrt. races of the out-of-band
   /proc interface installed by this target.
6. Add static key to nf_tables to avoid the retpoline mitigation
   if/else if cascade provided the cpu doesn't need the retpoline thunk.
7. add nf_tables objref calls to the retpoline mitigation workaround.
8. Split parts of nft_ct.c that do not need symbols exported by
   the conntrack modules and place them in nf_tables directly.
   This allows to avoid indirect call for 'ct status' checks.
9. Add 'destroy' commands to nf_tables. They are identical
   to the existing 'delete' commands, but do not indicate
   an error if the referenced object (set, chain, rule...)
   did not exist, from Fernando.
====================

Signed-off-by: David S. Miller
---

4218b0e2122f8bf996e695be20b66b9484c3283d