Hi,
The following patchset contains Netfilter fixes for net:
1) Add NFT_CHAIN_POLICY_UNSET to replace hardcoded -1 to
specify that the chain policy is unset. The chain policy
field is actually defined as an 8-bit unsigned integer.
2) Remove always true condition reported by smatch in
chain policy check.
3) Fix element lookup on dynamic sets, from Florian Westphal.
4) Use __u8 in ebtables uapi header, from Masahiro Yamada.
5) Bogus EBUSY when removing flowtable after chain flush,
from Laura Garcia Liebana.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 864668bfc374dfbf4851ec828b9049e08f9057b1:
selftests: Add test cases for `ip nexthop flush proto XX` (2019-09-19 18:35:55 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 9b05b6e11d5e93a3a517cadc12b9836e0470c255:
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (2019-09-25 11:01:19 +0200)
----------------------------------------------------------------
Florian Westphal (1):
netfilter: nf_tables: allow lookups in dynamic sets
Laura Garcia Liebana (1):
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
Masahiro Yamada (1):
netfilter: ebtables: use __u8 instead of uint8_t in uapi header
Pablo Neira Ayuso (2):
netfilter: nf_tables: add NFT_CHAIN_POLICY_UNSET and use it
netfilter: nf_tables_offload: fix always true policy is unset check
include/net/netfilter/nf_tables.h | 6 ++++++
include/uapi/linux/netfilter_bridge/ebtables.h | 6 +++---
net/netfilter/nf_tables_api.c | 25 ++++++++++++++++++++++---
net/netfilter/nf_tables_offload.c | 2 +-
net/netfilter/nft_flow_offload.c | 19 +++++++++++++++++++
net/netfilter/nft_lookup.c | 3 ---
usr/include/Makefile | 1 -
7 files changed, 51 insertions(+), 11 deletions(-)
