Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Date: Wed,  6 Nov 2019 12:12:28 +0100
Message-ID: <20191106111237.3183-1-pablo@netfilter.org> (raw)

Hi David,

The following patchset contains Netfilter fixes for net:

1) Missing register size validation in bitwise and cmp offloads.

2) Fix error code in ip_set_sockfn_get() when copy_to_user() fails,
   from Dan Carpenter.

3) Oneliner to copy MAC address in IPv6 hash:ip,mac sets, from
   Stefano Brivio.

4) Missing policy validation in ipset with NL_VALIDATE_STRICT,
   from Jozsef Kadlecsik.

5) Fix unaligned access to private data area of nf_tables instructions,
   from Lukas Wunner.

6) Relax check for object updates, reported as a regression by
   Eric Garver, patch from Fernando Fernandez Mancera.

7) Crash on ebtables dnat extension when used from the output path.
   From Florian Westphal.

8) Fix bogus EOPNOTSUPP when updating basechain flags.

9) Fix bogus EBUSY when updating a basechain that is already offloaded.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 1204c70d9dcba31164f78ad5d8c88c42335d51f8:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2019-11-01 17:48:11 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 774e4d34dbebc9dc441535c4712794d336a9478c:

  Merge branch 'master' of git://blackhole.kfki.hu/nf (2019-11-04 20:59:00 +0100)

----------------------------------------------------------------
Dan Carpenter (1):
      netfilter: ipset: Fix an error code in ip_set_sockfn_get()

Fernando Fernandez Mancera (1):
      netfilter: nf_tables: fix unexpected EOPNOTSUPP error

Florian Westphal (1):
      bridge: ebtables: don't crash when using dnat target in output chains

Jozsef Kadlecsik (1):
      netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT

Lukas Wunner (1):
      netfilter: nf_tables: Align nft_expr private data to 64-bit

Pablo Neira Ayuso (4):
      netfilter: nf_tables_offload: check for register data length mismatches
      netfilter: nf_tables: bogus EOPNOTSUPP on basechain update
      netfilter: nf_tables_offload: skip EBUSY on chain update
      Merge branch 'master' of git://blackhole.kfki.hu/nf

Stefano Brivio (1):
      netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets

 include/net/netfilter/nf_tables.h        |  3 +-
 net/bridge/netfilter/ebt_dnat.c          | 19 ++++++++++---
 net/netfilter/ipset/ip_set_core.c        | 49 +++++++++++++++++++++-----------
 net/netfilter/ipset/ip_set_hash_ipmac.c  |  2 +-
 net/netfilter/ipset/ip_set_hash_net.c    |  1 +
 net/netfilter/ipset/ip_set_hash_netnet.c |  1 +
 net/netfilter/nf_tables_api.c            |  7 ++---
 net/netfilter/nf_tables_offload.c        |  3 +-
 net/netfilter/nft_bitwise.c              |  5 ++--
 net/netfilter/nft_cmp.c                  |  2 +-
 10 files changed, 62 insertions(+), 30 deletions(-)

             reply index

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-06 11:12 Pablo Neira Ayuso [this message]
2019-11-06 11:12 ` [PATCH 1/9] netfilter: nf_tables_offload: check for register data length mismatches Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 2/9] netfilter: ipset: Fix an error code in ip_set_sockfn_get() Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 3/9] netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 4/9] netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 5/9] netfilter: nf_tables: Align nft_expr private data to 64-bit Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 6/9] netfilter: nf_tables: fix unexpected EOPNOTSUPP error Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 7/9] bridge: ebtables: don't crash when using dnat target in output chains Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 8/9] netfilter: nf_tables: bogus EOPNOTSUPP on basechain update Pablo Neira Ayuso
2019-11-06 11:12 ` [PATCH 9/9] netfilter: nf_tables_offload: skip EBUSY on chain update Pablo Neira Ayuso
2019-11-07  5:17 ` [PATCH 0/9] Netfilter fixes for net David Miller
  -- strict thread matches above, loose matches on Subject: below --
2020-02-18 22:20 Pablo Neira Ayuso
2020-02-18 23:45 ` David Miller
2020-01-08 23:17 Pablo Neira Ayuso
2020-01-08 23:22 ` David Miller
2019-03-21 11:28 Pablo Neira Ayuso
2019-03-21 17:07 ` David Miller
2018-12-29 12:57 Pablo Neira Ayuso
2018-12-29 22:33 ` David Miller
2018-07-24 16:31 Pablo Neira Ayuso
2018-07-24 17:00 ` David Miller
2018-06-13 10:56 Pablo Neira Ayuso
2018-06-13 21:05 ` David Miller
2017-04-14  0:26 Pablo Neira Ayuso
2017-04-14 14:59 ` David Miller
2016-08-10 19:16 Pablo Neira Ayuso
2016-08-10 18:56 Pablo Neira Ayuso
2016-08-10 21:54 ` David Miller
2016-03-28 17:57 Pablo Neira Ayuso
2016-03-28 19:43 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191106111237.3183-1-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git