Hi,
The following patchset contains Netfilter fixes for net:
1) Refcount leak in ipt_CLUSTERIP rule loading path, from Xin Xiong.
2) Use socat in netfilter selftests, from Hangbin Liu.
3) Skip layer checksum 4 update for IP fragments.
4) Missing allocation of pcpu scratch maps on clone in
nft_set_pipapo, from Florian Westphal.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 1d5a474240407c38ca8c7484a656ee39f585399c:
sfc: The RX page_ring is optional (2022-01-04 18:14:21 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 23c54263efd7cb605e2f7af72717a2a951999217:
netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (2022-01-06 10:43:24 +0100)
----------------------------------------------------------------
Florian Westphal (1):
netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
Hangbin Liu (1):
selftests: netfilter: switch to socat for tests using -q option
Pablo Neira Ayuso (1):
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
Xin Xiong (1):
netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
net/ipv4/netfilter/ipt_CLUSTERIP.c | 5 ++++-
net/netfilter/nft_payload.c | 3 +++
net/netfilter/nft_set_pipapo.c | 8 ++++++++
tools/testing/selftests/netfilter/ipip-conntrack-mtu.sh | 9 +++++----
tools/testing/selftests/netfilter/nf_nat_edemux.sh | 10 +++++-----
5 files changed, 25 insertions(+), 10 deletions(-)
