Hi, The following patch contains another round of Netfilter fixes for net: 1) Fix regression in ipset hash:ip with IPv4 range, from Vishwanath Pai. This is fixing up a bug introduced in the 6.0 release. 2) The "netfilter: ipset: enforce documented limit to prevent allocating huge memory" patch contained a wrong condition which makes impossible to add up to 64 clashing elements to a hash:net,iface type of set while it is the documented feature of the set type. The patch fixes the condition and thus makes possible to add the elements while keeps preventing allocating huge memory, from Jozsef Kadlecsik. This has been broken for several releases. 3) Missing locking when updating the flow block list which might lead a reader to crash. This has been broken since the introduction of the flowtable hardware offload support. Please, pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git Thanks. ---------------------------------------------------------------- The following changes since commit badbda1a01860c80c6ab60f329ef46c713653a27: octeontx2-af: cn10k: mcs: Fix copy and paste bug in mcs_bbe_intr_handler() (2022-11-21 13:04:28 +0000) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD for you to fetch changes up to bcd9e3c1656d0f7dd9743598c65c3ae24efb38d0: netfilter: flowtable_offload: add missing locking (2022-11-22 22:17:12 +0100) ---------------------------------------------------------------- Felix Fietkau (1): netfilter: flowtable_offload: add missing locking Jozsef Kadlecsik (1): netfilter: ipset: restore allowing 64 clashing elements in hash:net,iface Vishwanath Pai (1): netfilter: ipset: regression in ip_set_hash_ip.c net/netfilter/ipset/ip_set_hash_gen.h | 2 +- net/netfilter/ipset/ip_set_hash_ip.c | 8 +++----- net/netfilter/nf_flow_table_offload.c | 4 ++++ 3 files changed, 8 insertions(+), 6 deletions(-)