Hi,

1) Missing proper sanitization for nft_set_desc_concat_parse().

2) Missing mutex in nf_tables pre_exit path.

3) Possible double hook unregistration from clean_net path.

4) Missing FLOWI_FLAG_ANYSRC flag in flowtable route lookup.
   Fix incorrect source and destination address in case of NAT.
   Patch from wenxu.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 09e545f7381459c015b6fa0cd0ac6f010ef8cc25:

  xen/netback: fix incorrect usage of RING_HAS_UNCONSUMED_REQUESTS() (2022-05-31 12:22:22 +0200)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD

for you to fetch changes up to 97629b237a8cb7ac655c3969b8d5e57300ff6598:

  netfilter: flowtable: fix nft_flow_route source address for nat case (2022-05-31 23:32:53 +0200)

----------------------------------------------------------------
Pablo Neira Ayuso (3):
      netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
      netfilter: nf_tables: hold mutex on netns pre_exit path
      netfilter: nf_tables: double hook unregistration in netns path

wenxu (2):
      netfilter: flowtable: fix missing FLOWI_FLAG_ANYSRC flag
      netfilter: flowtable: fix nft_flow_route source address for nat case

 net/netfilter/nf_tables_api.c    | 75 +++++++++++++++++++++++++++++++---------
 net/netfilter/nft_flow_offload.c |  6 ++--
 2 files changed, 62 insertions(+), 19 deletions(-)