On Sat, Oct 22, 2016 at 06:51:23PM +0800, Liping Zhang wrote:
> From: Liping Zhang <zlpnobody@xxxxxxxxx>
>
> Suppose that the user input the following nft rules, then a dynset expr is
> created:
> # nft add rule filter output flow table test { ip daddr counter }
>
> But actually, there are some bugs exist in kernel:
> 1. If CONFIG_NFT_SET_HASH is not enabled, kernel panic will happen
> 2. In extreme case, i.e. memory is exhausted, then expr clone will
> fail, this will cause module refcnt leak, memory leak and incorrect
> set's nelems
> 3. Packets may race when create the new element, and these *racing*
> packets will not be handled properly.
>
> This patch set is aimed to fix these problems.
Series applied, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
