From: David S. Miller <davem@davemloft.net>
Date: Mon, 13 Feb 2017 03:11:43 +0000 (-0500)
Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
X-Git-Tag: v4.14-rc1~1463^2~137
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7c92d61eca453d5007669e4322dd8e469d443d04;p=platform%2Fkernel%2Flinux-rpi3.git

Merge git://git./linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter updates for net-next

The following patchset contains Netfilter updates for your net-next
tree, most relevantly they are:

1) Extend nft_exthdr to allow to match TCP options bitfields, from
   Manuel Messner.

2) Allow to check if IPv6 extension header is present in nf_tables,
   from Phil Sutter.

3) Allow to set and match conntrack zone in nf_tables, patches from
   Florian Westphal.

4) Several patches for the nf_tables set infrastructure, this includes
   cleanup and preparatory patches to add the new bitmap set type.

5) Add optional ruleset generation ID check to nf_tables and allow to
   delete rules that got no public handle yet via NFTA_RULE_ID. These
   patches add the missing kernel infrastructure to support rule
   deletion by description from userspace.

6) Missing NFT_SET_OBJECT flag to select the right backend when sets
   stores an object map.

7) A couple of cleanups for the expectation and SIP helper, from Gao
   feng.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
---

7c92d61eca453d5007669e4322dd8e469d443d04