[PATCH 0/5] ipset patches for nf-next

Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> · Mon, 10 Dec 2018 14:39:33 +0100

Hi Pablo,

Please consider to pull the next patches for nf-next:

- Replace a strncpy() with strscpy() from Qian Cai.
- Do not call ipset_nest_end() after nla_nest_cancel() in the error
  path in list_set_list() from Pan Bian.
- Introduction of new commands and thus protocol version 7. The
  new commands makes possible to eliminate the getsockopt interface
  of ipset and use solely netlink to communicate with the kernel.
  Due to the strict attribute checking both in user/kernel space,
  a new protocol number was introduced. Both the kernel/userspace is
  fully backward compatible. The "fix ip_set_byindex function" patch
  in the ipset git tree from Florent Fourcot is merged into the patch.
- Make invalid MAC address checks consisten, from Stefano Brivio.
  The patch depends on the next one.
- Allow matching on destination MAC address for mac and ipmac sets,
  also from Stefano Brivio.

Best regards,
Jozsef

The following changes since commit 30beabb3c32122d533ce0e2fc712f9d720a82f9f:

  net: phy: marvell: remove set but not used variable 'pause' (2018-11-11 18:19:50 -0800)

are available in the git repository at:

  git://blackhole.kfki.hu/nf-next c8770d8908fd

for you to fetch changes up to c8770d8908fd5a5abc5061f5c57d55593ba86d8b:

  netfilter: ipset: replace a strncpy() with strscpy() (2018-12-10 14:12:50 +0100)

----------------------------------------------------------------
Jozsef Kadlecsik (1):
      netfilter: ipset: Introduction of new commands and protocol version 7

Pan Bian (1):
      netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel

Qian Cai (1):
      netfilter: ipset: replace a strncpy() with strscpy()

Stefano Brivio (2):
      netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
      netfilter: ipset: Make invalid MAC address checks consistent

 include/linux/netfilter/ipset/ip_set.h      |   2 +-
 include/uapi/linux/netfilter/ipset/ip_set.h |  19 ++--
 net/netfilter/ipset/ip_set_bitmap_ipmac.c   |  13 ++-
 net/netfilter/ipset/ip_set_core.c           | 170 ++++++++++++++++++++++++----
 net/netfilter/ipset/ip_set_hash_ipmac.c     |  27 ++---
 net/netfilter/ipset/ip_set_hash_mac.c       |  10 +-
 net/netfilter/ipset/ip_set_list_set.c       |   2 +-
 7 files changed, 192 insertions(+), 51 deletions(-)