[PATCH 00/13] netfilter: nf_tables: bug fixes and minor cleanups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The following patches fix a couple of bugs related to chain types module
references, chain modification atomicity, chain type module loading
and unloading of modules that are still in use. Detailed descriptions
are in the individual changelogs.

The patches obviously also affect the current -rc, but I think its a bit
late in the release cycle for bigger fixes like this, so I based them
on your nftables.git tree.

Please apply, thanks.


Patrick McHardy (13):
      netfilter: nf_tables: split chain policy validation from actually setting it
      netfilter: nf_tables: restore chain change atomicity
      netfilter: nf_tables: fix check for table overflow
      netfilter: nf_tables: fix chain type module reference handling
      netfilter: nf_tables: add missing module references to chain types
      netfilter: nf_tables: replay request after dropping locks to load chain type
      netfilter: nf_tables: constify chain type definitions and pointers
      netfilter: nf_tables: minor nf_chain_type cleanups
      netfilter: nf_tables: perform flags validation before table allocation
      netfilter: nf_tables: take AF module reference when creating a table
      netfilter: nf_tables: prohibit deletion of a table with existing sets
      netfilter: nf_tables: unininline nft_trace_packet()
      netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain()


 include/net/netfilter/nf_tables.h         |  32 +++--
 net/bridge/netfilter/nf_tables_bridge.c   |   7 +-
 net/ipv4/netfilter/nf_tables_arp.c        |   7 +-
 net/ipv4/netfilter/nf_tables_ipv4.c       |   7 +-
 net/ipv4/netfilter/nft_chain_nat_ipv4.c   |  10 +-
 net/ipv4/netfilter/nft_chain_route_ipv4.c |  10 +-
 net/ipv6/netfilter/nf_tables_ipv6.c       |   7 +-
 net/ipv6/netfilter/nft_chain_nat_ipv6.c   |  10 +-
 net/ipv6/netfilter/nft_chain_route_ipv6.c |  10 +-
 net/netfilter/nf_tables_api.c             | 192 ++++++++++++++----------------
 net/netfilter/nf_tables_core.c            |  10 +-
 net/netfilter/nf_tables_inet.c            |   5 +-
 12 files changed, 157 insertions(+), 150 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux