From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/6] Netfilter fixes for net
Date: Sun, 22 Mar 2015 19:46:32 +0100 [thread overview]
Message-ID: <1427049998-5665-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Fix missing initialization of tuple structure in nfnetlink_cthelper
to avoid mismatches when looking up to attach userspace helpers to
flows, from Ian Wilson.
2) Fix potential crash in nft_hash when we hit -EAGAIN in
nft_hash_walk(), from Herbert Xu.
3) We don't need to indicate the hook information to update the
basechain default policy in nf_tables.
4) Restore tracing over nfnetlink_log due to recent rework to
accomodate logging infrastructure into nf_tables.
5) Fix wrong IP6T_INV_PROTO check in xt_TPROXY.
6) Set IP6T_F_PROTO flag in nft_compat so we can use SYNPROXY6 and
REJECT6 from xt over nftables.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 4363890079674db7b00cf1bb0e6fa430e846e86b:
net: Handle unregister properly when netdev namespace change fails. (2015-03-10 21:59:46 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to 749177ccc74f9c6d0f51bd78a15c652a2134aa11:
netfilter: nft_compat: set IP6T_F_PROTO flag if protocol is set (2015-03-22 19:32:05 +0100)
----------------------------------------------------------------
Herbert Xu (1):
netfilter: Fix potential crash in nft_hash walker
Ian Wilson (1):
netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()
Pablo Neira Ayuso (4):
netfilter: nf_tables: allow to change chain policy without hook if it exists
netfilter: restore rule tracing via nfnetlink_log
netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
netfilter: nft_compat: set IP6T_F_PROTO flag if protocol is set
include/net/netfilter/nf_log.h | 10 ++++++++++
net/ipv4/netfilter/ip_tables.c | 6 +++---
net/ipv6/netfilter/ip6_tables.c | 6 +++---
net/netfilter/nf_log.c | 24 ++++++++++++++++++++++++
net/netfilter/nf_tables_api.c | 5 ++++-
net/netfilter/nf_tables_core.c | 8 ++++----
net/netfilter/nfnetlink_cthelper.c | 3 +++
net/netfilter/nft_compat.c | 6 ++++++
net/netfilter/nft_hash.c | 2 ++
net/netfilter/xt_TPROXY.c | 4 ++--
10 files changed, 61 insertions(+), 13 deletions(-)
next reply other threads:[~2015-03-22 18:46 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-22 18:46 Pablo Neira Ayuso [this message]
2015-03-22 18:46 ` [PATCH 1/6] netfilter: Zero the tuple in nfnl_cthelper_parse_tuple() Pablo Neira Ayuso
2015-03-22 18:46 ` [PATCH 2/6] netfilter: Fix potential crash in nft_hash walker Pablo Neira Ayuso
2015-03-22 18:46 ` [PATCH 3/6] netfilter: nf_tables: allow to change chain policy without hook if it exists Pablo Neira Ayuso
2015-03-22 18:46 ` [PATCH 4/6] netfilter: restore rule tracing via nfnetlink_log Pablo Neira Ayuso
2015-03-22 18:46 ` [PATCH 5/6] netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check() Pablo Neira Ayuso
2015-03-22 18:46 ` [PATCH 6/6] netfilter: nft_compat: set IP6T_F_PROTO flag if protocol is set Pablo Neira Ayuso
2015-03-22 20:57 ` [PATCH 0/6] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-08-24 11:39 Pablo Neira Ayuso
2020-08-24 13:37 ` David Miller
2020-05-14 12:19 Pablo Neira Ayuso
2020-05-14 20:15 ` David Miller
2020-02-26 22:54 Pablo Neira Ayuso
2020-02-27 0:32 ` David Miller
2020-01-31 19:24 Pablo Neira Ayuso
2020-02-01 20:59 ` Jakub Kicinski
2019-02-05 19:04 Pablo Neira Ayuso
2019-02-05 19:23 ` David Miller
2018-10-01 22:37 Pablo Neira Ayuso
2018-10-01 22:41 ` David Miller
2018-07-09 17:18 Pablo Neira Ayuso
2018-07-09 21:24 ` David Miller
2018-06-27 15:22 Pablo Neira Ayuso
2018-06-28 4:33 ` David Miller
2018-02-01 18:02 Pablo Neira Ayuso
2018-02-01 19:45 ` David Miller
2017-02-27 11:35 Pablo Neira Ayuso
2017-02-27 14:19 ` David Miller
2017-01-05 11:19 Pablo Neira Ayuso
2017-01-05 16:52 ` David Miller
2016-08-18 17:29 Pablo Neira Ayuso
2016-08-19 1:49 ` David Miller
2016-02-16 17:02 Pablo Neira Ayuso
2016-02-16 17:56 ` David Miller
2016-01-20 17:03 Pablo Neira Ayuso
2016-01-21 2:57 ` David Miller
2015-12-14 11:25 [PATCH 0/6] netfilter " Pablo Neira Ayuso
2015-12-14 16:09 ` David Miller
2015-09-03 9:50 [PATCH 0/6] Netfilter " Pablo Neira Ayuso
2015-09-06 4:59 ` David Miller
2014-05-09 10:56 Pablo Neira Ayuso
2014-05-09 17:17 ` David Miller
2014-02-19 11:41 Pablo Neira Ayuso
2014-02-19 18:16 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1427049998-5665-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).