[PATCH 0/7] Netfilter fixes for net

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Thu, 22 Oct 2020 19:29:18 +0200

Hi Jakub,

The following patchset contains Netfilter fixes for net:

1) Update debugging in IPVS tcp protocol handler to make it easier
   to understand, from longguang.yue

2) Update TCP tracker to deal with keepalive packet after
   re-registration, from Franceso Ruggeri.

3) Missing IP6SKB_FRAGMENTED from netfilter fragment reassembly,
   from Georg Kohmann.

4) Fix bogus packet drop in ebtables nat extensions, from
   Thimothee Cocault.

5) Fix typo in flowtable documentation.

6) Reset skb timestamp in nft_fwd_netdev.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit df6afe2f7c19349de2ee560dc62ea4d9ad3ff889:

  nexthop: Fix performance regression in nexthop deletion (2020-10-19 20:07:15 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to c77761c8a59405cb7aa44188b30fffe13fbdd02d:

  netfilter: nf_fwd_netdev: clear timestamp in forwarding path (2020-10-22 14:49:36 +0200)

----------------------------------------------------------------
Francesco Ruggeri (1):
      netfilter: conntrack: connection timeout after re-register

Georg Kohmann (1):
      netfilter: Drop fragmented ndisc packets assembled in netfilter

Jeremy Sowden (1):
      docs: nf_flowtable: fix typo.

Pablo Neira Ayuso (1):
      netfilter: nf_fwd_netdev: clear timestamp in forwarding path

Saeed Mirzamohammadi (1):
      netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create

Timothée COCAULT (1):
      netfilter: ebtables: Fixes dropping of small packets in bridge nat

longguang.yue (1):
      ipvs: adjust the debug info in function set_tcp_state

 Documentation/networking/nf_flowtable.rst |  2 +-
 include/net/netfilter/nf_tables.h         |  6 ++++++
 net/bridge/netfilter/ebt_dnat.c           |  2 +-
 net/bridge/netfilter/ebt_redirect.c       |  2 +-
 net/bridge/netfilter/ebt_snat.c           |  2 +-
 net/ipv6/netfilter/nf_conntrack_reasm.c   |  1 +
 net/netfilter/ipvs/ip_vs_proto_tcp.c      | 10 ++++++----
 net/netfilter/nf_conntrack_proto_tcp.c    | 19 +++++++++++++------
 net/netfilter/nf_dup_netdev.c             |  1 +
 net/netfilter/nf_tables_api.c             |  6 +++---
 net/netfilter/nf_tables_offload.c         |  4 ++--
 net/netfilter/nft_fwd_netdev.c            |  1 +
 12 files changed, 37 insertions(+), 19 deletions(-)