From: Jakub Kicinski Date: Thu, 26 Feb 2026 03:36:28 +0000 (-0800) Subject: Merge branch 'netfilter-updates-for-net-next' X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2cd63825c7c6105bc298474fbb073d25f48114cf;p=thirdparty%2Flinux.git Merge branch 'netfilter-updates-for-net-next' Florian Westphal says: ==================== netfilter: updates for net-next including IPVS updates from and via Julian Anastasov. First updates for IPVS. From Julians cover-letter: * Convert the global __ip_vs_mutex to per-net service_mutex and switch the service tables to be per-net, cowork by Jiejian Wu and Dust Li * Convert some code that walks the service lists to use RCU instead of the service_mutex * We used two tables for services (non-fwmark and fwmark), merge them into single svc_table * The list for unavailable destinations (dest_trash) holds dsts and thus dev references causing extra work for the ip_vs_dst_event() dev notifier handler. Change this by dropping the reference when dest is removed and saved into dest_trash. The dest_trash will need more changes to make it light for lookups. TODO. * On new connection we can do multiple lookups for services by trying different fallback options. Add more counters for service types, so that we can avoid unneeded lookups for services. * The no_cport and dropentry counters can be per-net and also we can avoid extra conn lookups Then, a few cleanups for nf_tables: * keep BH enabled during nft_set_rbtree inserts, this is possible because the root lock is now only taken from control plane. * toss a few EXPORT_SYMBOLs from nf_tables; these were historic leftovers from back in the day when e.g. set backends were still residing in their own modules. * remove the register tracking infra from nftables. It was disabled years ago in 5.18 and there are no plans to salvage this work; the idea was good (remove redundant register stores), but there is just one too many pitfalls, and better rule structuring (verdict maps) largely avoids the scenarios where this would have helped. ==================== Link: https://patch.msgid.link/20260224205048.4718-1-fw@strlen.de Signed-off-by: Jakub Kicinski --- 2cd63825c7c6105bc298474fbb073d25f48114cf