Hi,
The following patchset contains Netfilter fixes for net:
1) Missing netlink attribute sanity check for NFTA_OSF_DREG,
from Florian Westphal.
2) Use bitmap infrastructure in ipset to fix KASAN slab-out-of-bounds
reads, from Jozsef Kadlecsik.
3) Missing initial CLOSED state in new sctp connection through
ctnetlink events, from Jiri Wiesner.
4) Missing check for NFT_CHAIN_HW_OFFLOAD in nf_tables offload
indirect block infrastructure, from wenxu.
5) Add __nft_chain_type_get() to sanity check family and chain type.
6) Autoload modules from the nf_tables abort path to fix races
reported by syzbot.
7) Remove unnecessary skb->csum update on inet_proto_csum_replace16(),
from Praveen Chaudhary.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thank you.
----------------------------------------------------------------
The following changes since commit e02d9c4c68dc0ca08ded9487720bba775c09669b:
Merge branch 'bnxt_en-fixes' (2020-01-18 14:38:30 +0100)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 189c9b1e94539b11c80636bc13e9cf47529e7bba:
net: Fix skb->csum update in inet_proto_csum_replace16(). (2020-01-24 20:54:30 +0100)
----------------------------------------------------------------
Florian Westphal (1):
netfilter: nft_osf: add missing check for DREG attribute
Jiri Wiesner (1):
netfilter: conntrack: sctp: use distinct states for new SCTP connections
Kadlecsik József (1):
netfilter: ipset: use bitmap infrastructure completely
Pablo Neira Ayuso (2):
netfilter: nf_tables: add __nft_chain_type_get()
netfilter: nf_tables: autoload modules from the abort path
Praveen Chaudhary (1):
net: Fix skb->csum update in inet_proto_csum_replace16().
wenxu (1):
netfilter: nf_tables_offload: fix check the chain offload flag
include/linux/netfilter/ipset/ip_set.h | 7 --
include/linux/netfilter/nfnetlink.h | 2 +-
include/net/netns/nftables.h | 1 +
net/core/utils.c | 20 +++-
net/netfilter/ipset/ip_set_bitmap_gen.h | 2 +-
net/netfilter/ipset/ip_set_bitmap_ip.c | 6 +-
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 6 +-
net/netfilter/ipset/ip_set_bitmap_port.c | 6 +-
net/netfilter/nf_conntrack_proto_sctp.c | 6 +-
net/netfilter/nf_tables_api.c | 155 +++++++++++++++++++++---------
net/netfilter/nf_tables_offload.c | 2 +-
net/netfilter/nfnetlink.c | 6 +-
net/netfilter/nft_osf.c | 3 +
13 files changed, 146 insertions(+), 76 deletions(-)
