Please, scratch this. My robot resent an old pull request that was stale on my submission folder. Sorry for the noise. On Tue, Feb 02, 2021 at 04:21:52PM +0100, Pablo Neira Ayuso wrote: > Hi, > > The following patchset contains Netfilter fixes for net: > > 1) Honor stateful expressions defined in the set from the dynset > extension. The set definition provides a stateful expression > that must be used by the dynset expression in case it is specified. > > 2) Missing timeout extension in the set element in the dynset > extension leads to inconsistent ruleset listing, not allowing > the user to restore timeout and expiration on ruleset reload. > > 3) Do not dump the stateful expression from the dynset extension > if it coming from the set definition. > > Please, pull these changes from: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git > > Thanks! > > ---------------------------------------------------------------- > > The following changes since commit c8a8ead01736419a14c3106e1f26a79d74fc84c7: > > Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf (2021-01-12 20:25:29 -0800) > > are available in the Git repository at: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD > > for you to fetch changes up to ce5379963b2884e9d23bea0c5674a7251414c84b: > > netfilter: nft_dynset: dump expressions when set definition contains no expressions (2021-01-16 19:54:42 +0100) > > ---------------------------------------------------------------- > Pablo Neira Ayuso (3): > netfilter: nft_dynset: honor stateful expressions in set definition > netfilter: nft_dynset: add timeout extension to template > netfilter: nft_dynset: dump expressions when set definition contains no expressions > > include/net/netfilter/nf_tables.h | 2 ++ > net/netfilter/nf_tables_api.c | 5 ++--- > net/netfilter/nft_dynset.c | 41 +++++++++++++++++++++++++-------------- > 3 files changed, 30 insertions(+), 18 deletions(-)
