From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH 0/5] Netfilter fixes for net
Date: Tue, 8 Sep 2020 17:09:42 +0200 [thread overview]
Message-ID: <20200908150947.12623-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter fixes for net:
1) Allow conntrack entries with l3num == NFPROTO_IPV4 or == NFPROTO_IPV6
only via ctnetlink, from Will McVicker.
2) Batch notifications to userspace to improve netlink socket receive
utilization.
3) Restore mark based dump filtering via ctnetlink, from Martin Willi.
4) nf_conncount_init() fails with -EPROTO with CONFIG_IPV6, from
Eelco Chaudron.
5) Containers fail to match on meta skuid and skgid, use socket user_ns
to retrieve meta skuid and skgid.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you.
----------------------------------------------------------------
The following changes since commit 19162fd4063a3211843b997a454b505edb81d5ce:
hv_netvsc: Fix hibernation for mlx5 VF driver (2020-09-07 21:04:36 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 0c92411bb81de9bc516d6924f50289d8d5f880e5:
netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid (2020-09-08 13:04:56 +0200)
----------------------------------------------------------------
Eelco Chaudron (1):
netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled
Martin Willi (1):
netfilter: ctnetlink: fix mark based dump filtering regression
Pablo Neira Ayuso (2):
netfilter: nf_tables: coalesce multiple notifications into one skbuff
netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid
Will McVicker (1):
netfilter: ctnetlink: add a range check for l3/l4 protonum
include/net/netns/nftables.h | 1 +
net/netfilter/nf_conntrack_netlink.c | 22 +++---------
net/netfilter/nf_conntrack_proto.c | 2 ++
net/netfilter/nf_tables_api.c | 70 +++++++++++++++++++++++++++++-------
net/netfilter/nft_meta.c | 4 +--
5 files changed, 67 insertions(+), 32 deletions(-)
next reply other threads:[~2020-09-08 20:13 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-08 15:09 Pablo Neira Ayuso [this message]
2020-09-08 15:09 ` [PATCH 1/5] netfilter: ctnetlink: add a range check for l3/l4 protonum Pablo Neira Ayuso
2020-09-08 15:09 ` [PATCH 2/5] netfilter: nf_tables: coalesce multiple notifications into one skbuff Pablo Neira Ayuso
2020-09-08 15:09 ` [PATCH 3/5] netfilter: ctnetlink: fix mark based dump filtering regression Pablo Neira Ayuso
2020-09-08 15:09 ` [PATCH 4/5] netfilter: conntrack: nf_conncount_init is failing with IPv6 disabled Pablo Neira Ayuso
2020-09-08 15:09 ` [PATCH 5/5] netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid Pablo Neira Ayuso
2020-09-09 3:08 ` [PATCH 0/5] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-08-04 20:02 Pablo Neira Ayuso
2020-08-04 20:32 ` David Miller
2020-05-25 21:54 Pablo Neira Ayuso
2020-05-26 1:29 ` David Miller
2020-05-26 20:10 ` Pablo Neira Ayuso
2020-05-26 23:08 ` David Miller
2019-09-25 20:29 Pablo Neira Ayuso
2019-09-27 18:16 ` David Miller
2019-09-04 19:36 Pablo Neira Ayuso
2019-09-04 22:04 ` David Miller
2019-08-30 12:06 Pablo Neira Ayuso
2019-08-31 0:52 ` David Miller
2019-08-19 18:49 Pablo Neira Ayuso
2019-08-19 20:16 ` David Miller
2019-03-11 22:50 Pablo Neira Ayuso
2019-03-11 23:14 ` David Miller
2018-12-13 1:06 Pablo Neira Ayuso
2018-12-13 5:37 ` David Miller
2017-08-24 14:43 Pablo Neira Ayuso
2017-08-24 18:49 ` David Miller
2017-07-18 10:13 Pablo Neira Ayuso
2017-07-18 19:03 ` David Miller
2017-07-18 21:11 ` Florian Westphal
2017-07-18 21:54 ` David Miller
2015-08-10 17:58 Pablo Neira Ayuso
2015-08-11 4:08 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200908150947.12623-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).