From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Tue, 18 Jul 2017 12:13:54 +0200 > The following patchset contains Netfilter fixes for your net tree, > they are: > > 1) Missing netlink message sanity check in nfnetlink, patch from > Mateusz Jurczyk. > > 2) We now have netfilter per-netns hooks, so let's kill global hook > infrastructure, this infrastructure is known to be racy with netns. > We don't care about out of tree modules. Patch from Florian Westphal. > > 3) find_appropriate_src() is buggy when colissions happens after the > conversion of the nat bysource to rhashtable. Also from Florian. > > 4) Remove forward chain in nf_tables arp family, it's useless and it is > causing quite a bit of confusion, from Florian Westphal. > > 5) nf_ct_remove_expect() is called with the wrong parameter, causing > kernel oops, patch from Florian Westphal. > > You can pull these changes from: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git Pulled, thanks a lot. What about that change Eric Dumazet was talking about with Florian that stopped instantiating conntrack by default in new namespaces? Just curious. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
