From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Wed, 15 Mar 2017 18:01:02 +0100

> The following patchset contains Netfilter fixes for your net tree, a
> rather large batch of fixes targeted to nf_tables, conntrack and bridge
> netfilter. More specifically, they are:
>
> 1) Don't track fragmented packets if the socket option IP_NODEFRAG is set.
>    From Florian Westphal.
>
> 2) SCTP protocol tracker assumes that ICMP error messages contain the
>    checksum field, which results in packet drops. From Ying Xue.
>
> 3) Fix inconsistent handling of AH traffic from nf_tables.
>
> 4) Fix new bitmap set representation with big endian. Fix mismatches in
>    nf_tables due to incorrect big endian handling too. Both patches
>    from Liping Zhang.
>
> 5) Bridge netfilter doesn't honor maximum fragment size field, cap to
>    largest fragment seen. From Florian Westphal.
>
> 6) Fake conntrack entry needs to be aligned to 8 bytes since the 3 LSB
>    bits are now used to store the ctinfo. From Steven Rostedt.
>
> 7) Fix element comments with the bitmap set type. Revert the flush
>    field in the nft_set_iter structure, not required anymore after
>    fixing up element comments.
>
> 8) Missing error on invalid conntrack direction from nft_ct, also from
>    Liping Zhang.
>
> You can pull these changes from:
>
>   git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Pulled, thanks Pablo!