Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says:

====================
Netfilter/IPVS updates for net-next

1) Missing dependencies in NFT_BRIDGE_REJECT, from Randy Dunlap.

2) Use atomic_inc_return() instead of atomic_add_return() in IPVS,
   from Yejune Deng.

3) Simplify check for overquota in xt_nfacct, from Kaixu Xia.

4) Move nfnl_acct_list away from struct net, from Miao Wang.

5) Pass actual sk in reject actions, from Jan Engelhardt.

6) Add timeout and protoinfo to ctnetlink destroy events,
   from Florian Westphal.

7) Four patches to generalize set infrastructure to support
   for multiple expressions per set element.

* git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next:
  netfilter: nftables: netlink support for several set element expressions
  netfilter: nftables: generalize set extension to support for several expressions
  netfilter: nftables: move nft_expr before nft_set
  netfilter: nftables: generalize set expressions support
  netfilter: ctnetlink: add timeout and protoinfo to destroy events
  netfilter: use actual socket sk for REJECT action
  netfilter: nfnl_acct: remove data from struct net
  netfilter: Remove unnecessary conversion to bool
  ipvs: replace atomic_add_return()
  netfilter: nft_reject_bridge: fix build errors due to code movement
====================

Link: https://lore.kernel.org/r/20201212230513.3465-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --cc include/net/netfilter/nf_tables.h
Simple merge

diff --cc net/netfilter/nf_tables_api.c
Simple merge

diff --cc net/netfilter/nft_dynset.c
index 9af4f93,13c426d..983a1d5
--- 1/net/netfilter/nft_dynset.c
--- 2/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@@ -269,11 -366,26 +368,26 @@@ static int nft_dynset_dump(struct sk_bu
        if (nla_put_string(skb, NFTA_DYNSET_SET_NAME, priv->set->name))
                goto nla_put_failure;
        if (nla_put_be64(skb, NFTA_DYNSET_TIMEOUT,
 -                       cpu_to_be64(jiffies_to_msecs(priv->timeout)),
 +                       nf_jiffies64_to_msecs(priv->timeout),
                         NFTA_DYNSET_PAD))
                goto nla_put_failure;
-       if (priv->expr && nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr))
-               goto nla_put_failure;
+       if (priv->num_exprs == 1) {
+               if (nft_expr_dump(skb, NFTA_DYNSET_EXPR, priv->expr_array[0]))
+                       goto nla_put_failure;
+       } else if (priv->num_exprs > 1) {
+               struct nlattr *nest;
+ 
+               nest = nla_nest_start_noflag(skb, NFTA_DYNSET_EXPRESSIONS);
+               if (!nest)
+                       goto nla_put_failure;
+ 
+               for (i = 0; i < priv->num_exprs; i++) {
+                       if (nft_expr_dump(skb, NFTA_LIST_ELEM,
+                                         priv->expr_array[i]))
+                               goto nla_put_failure;
+               }
+               nla_nest_end(skb, nest);
+       }
        if (nla_put_be32(skb, NFTA_DYNSET_FLAGS, htonl(flags)))
                goto nla_put_failure;
        return 0;