From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/8] Netfilter fixes for net
Date: Mon, 22 Oct 2018 22:07:16 +0200 [thread overview]
Message-ID: <20181022200724.25806-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) rbtree lookup from control plane returns the left-hand side element
of the range when the interval end flag is set on.
2) osf extension is not supported from the input path, reject this from
the control plane, from Fernando Fernandez Mancera.
3) xt_TEE is leaving output interface unset due to a recent incorrect
netns rework, from Taehee Yoo.
4) xt_TEE allows to select an interface which does not belong to this
netnamespace, from Taehee Yoo.
5) Zero private extension area in nft_compat, just like we do in x_tables,
otherwise we leak kernel memory to userspace.
6) Missing .checkentry and .destroy entries in new DNAT extensions breaks
it since we never load nf_conntrack dependencies, from Paolo Abeni.
7) Do not remove flowtable hook from netns exit path, the netdevice handler
already deals with this, also from Taehee Yoo.
8) Only cleanup flowtable entries that reside in this netnamespace, also
from Taehee Yoo.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 9a4890bd6d6325a1c88564a20ab310b2d56f6094:
rds: RDS (tcp) hangs on sendto() to unresponding address (2018-10-10 22:19:52 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to a3fb3698cadf27dc142b24394c401625e14d80d0:
netfilter: nf_flow_table: do not remove offload when other netns's interface is down (2018-10-19 13:30:48 +0200)
----------------------------------------------------------------
Fernando Fernandez Mancera (1):
netfilter: nft_osf: usage from output path is not valid
Pablo Neira Ayuso (2):
netfilter: nft_set_rbtree: allow loose matching of closing element in interval
netfilter: nft_compat: do not dump private area
Paolo Abeni (1):
netfilter: xt_nat: fix DNAT target for shifted portmap ranges
Taehee Yoo (4):
netfilter: xt_TEE: fix wrong interface selection
netfilter: xt_TEE: add missing code to get interface index in checkentry.
netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
netfilter: nf_flow_table: do not remove offload when other netns's interface is down
net/netfilter/nf_flow_table_core.c | 9 +++--
net/netfilter/nf_tables_api.c | 3 --
net/netfilter/nft_compat.c | 24 +++++++++++-
net/netfilter/nft_osf.c | 10 +++++
net/netfilter/nft_set_rbtree.c | 10 ++++-
net/netfilter/xt_TEE.c | 76 +++++++++++++++++++++++++++++---------
net/netfilter/xt_nat.c | 2 +
7 files changed, 107 insertions(+), 27 deletions(-)
next reply other threads:[~2018-10-23 4:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-22 20:07 Pablo Neira Ayuso [this message]
2018-10-22 20:07 ` [PATCH 1/8] netfilter: nft_set_rbtree: allow loose matching of closing element in interval Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 2/8] netfilter: nft_osf: usage from output path is not valid Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 3/8] netfilter: xt_TEE: fix wrong interface selection Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 4/8] netfilter: xt_TEE: add missing code to get interface index in checkentry Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 5/8] netfilter: nft_compat: do not dump private area Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 6/8] netfilter: xt_nat: fix DNAT target for shifted portmap ranges Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 7/8] netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine Pablo Neira Ayuso
2018-10-22 20:07 ` [PATCH 8/8] netfilter: nf_flow_table: do not remove offload when other netns's interface is down Pablo Neira Ayuso
2018-10-23 3:21 ` [PATCH 0/8] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-08-31 9:36 Pablo Neira Ayuso
2020-08-31 18:22 ` David Miller
2020-08-15 10:31 Pablo Neira Ayuso
2020-08-16 23:05 ` David Miller
2019-07-31 11:51 [PATCH 0/8] netfilter " Pablo Neira Ayuso
2019-07-31 15:50 ` David Miller
2017-03-29 12:14 [PATCH 0/8] Netfilter " Pablo Neira Ayuso
2017-03-29 21:39 ` David Miller
2017-02-23 11:14 Pablo Neira Ayuso
2017-02-23 16:00 ` David Miller
2014-10-27 21:37 Pablo Neira Ayuso
2014-10-27 22:49 ` David Miller
2014-04-05 16:21 [PATCH 0/8] netfilter " Pablo Neira Ayuso
2014-04-05 16:03 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181022200724.25806-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).