Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/9] Netfilter fixes for net
@ 2019-03-21 11:28 Pablo Neira Ayuso
  2019-03-21 11:28 ` [PATCH 1/9] netfilter: nf_conntrack_sip: remove direct dependency on IPv6 Pablo Neira Ayuso
                   ` (9 more replies)
  0 siblings, 10 replies; 11+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-21 11:28 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev

Hi David,

The following patchset contains Netfilter fixes for your net tree:

1) Remove a direct dependency with IPv6 introduced by the
   sip_external_media feature, from Alin Nastac.

2) Fix bogus ENOENT when removing interval elements from set.

3) Set transport_header from br_netfilter to mimic the stack
   behaviour, this partially fixes a checksum validation bug
   from the SCTP connection tracking, from Xin Long.

4) Fix undefined reference to symbol in xt_TEE, due to missing
   Kconfig dependencies, from Arnd Bergmann.

5) Check for NULL in skb_header_pointer() calls in ip6t_shr,
   from Kangjie Lu.

6) Fix bogus EBUSY when removing an existing conntrack helper from
   a transaction.

7) Fix module autoload of the redirect extension.

8) Remove duplicated transition in flowtable diagram in the existing
   documentation.

9) Missing .release_ops call from error path in newrule() which
   results module refcount leak, from Taehee Yoo.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit 4ec850e5dfec092b26cf3b7d5a6c9e444ea4babd:

  net: dwmac-sun8i: fix a missing check of of_get_phy_mode (2019-03-12 14:52:00 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to b25a31bf0ca091aa8bdb9ab329b0226257568bbe:

  netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (2019-03-20 08:32:58 +0100)

----------------------------------------------------------------
Alin Nastac (1):
      netfilter: nf_conntrack_sip: remove direct dependency on IPv6

Arnd Bergmann (1):
      netfilter: fix NETFILTER_XT_TARGET_TEE dependencies

Kangjie Lu (1):
      netfilter: ip6t_srh: fix NULL pointer dereferences

Pablo Neira Ayuso (4):
      netfilter: nft_set_rbtree: check for inactive element after flag mismatch
      netfilter: nf_tables: bogus EBUSY in helper removal from transaction
      netfilter: nft_redir: fix module autoload with ip4
      netfilter: nf_flowtable: remove duplicated transition in diagram

Taehee Yoo (1):
      netfilter: nf_tables: add missing ->release_ops() in error path of newrule()

Xin Long (1):
      netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING

 Documentation/networking/nf_flowtable.txt |  8 +++----
 net/bridge/br_netfilter_hooks.c           |  1 +
 net/bridge/br_netfilter_ipv6.c            |  2 ++
 net/ipv6/netfilter/ip6t_srh.c             |  6 +++++
 net/netfilter/Kconfig                     |  1 +
 net/netfilter/nf_conntrack_sip.c          | 37 +++++++++++++------------------
 net/netfilter/nf_tables_api.c             |  5 ++++-
 net/netfilter/nft_objref.c                | 19 +++++++++++++---
 net/netfilter/nft_redir.c                 |  2 +-
 net/netfilter/nft_set_rbtree.c            |  7 +++---
 10 files changed, 54 insertions(+), 34 deletions(-)

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, back to index

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-21 11:28 [PATCH 0/9] Netfilter fixes for net Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 1/9] netfilter: nf_conntrack_sip: remove direct dependency on IPv6 Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 2/9] netfilter: nft_set_rbtree: check for inactive element after flag mismatch Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 3/9] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 4/9] netfilter: fix NETFILTER_XT_TARGET_TEE dependencies Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 5/9] netfilter: ip6t_srh: fix NULL pointer dereferences Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 6/9] netfilter: nf_tables: bogus EBUSY in helper removal from transaction Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 7/9] netfilter: nft_redir: fix module autoload with ip4 Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 8/9] netfilter: nf_flowtable: remove duplicated transition in diagram Pablo Neira Ayuso
2019-03-21 11:28 ` [PATCH 9/9] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() Pablo Neira Ayuso
2019-03-21 17:07 ` [PATCH 0/9] Netfilter fixes for net David Miller

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git