Patch 1/2 fixes false positive cases resulting from a flawed assumption highlighted by https://bugzilla.netfilter.org/show_bug.cgi?id=1449 and is addressed for stable (5.6.x). Patch 2/2 fixes a false negative case I noticed while skipping different interval overlap checks in nft. Stefano Brivio (2): nft_set_rbtree: Handle outcomes of tree rotations in overlap detection nft_set_rbtree: Detect partial overlap with start endpoint match net/netfilter/nft_set_rbtree.c | 57 ++++++++++++++++++++++++++++------ 1 file changed, 47 insertions(+), 10 deletions(-) -- 2.28.0
