Hi,
The following patchset contains Netfilter fixes for net:
1) Unbreak br_netfilter physdev match support, from Florian Westphal.
2) Use GFP_KERNEL_ACCOUNT for stateful/policy objects, from Chen Aotian.
3) Use IS_ENABLED() in nf_reset_trace(), from Florian Westphal.
4) Fix validation of catch-all set element.
5) Tighten requirements for catch-all set elements.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 24e3fce00c0b557491ff596c0682a29dee6fe848:
net: stmmac: Add queue reset into stmmac_xdp_open() function (2023-04-05 19:02:56 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to d4eb7e39929a3b1ff30fb751b4859fc2410702a0:
netfilter: nf_tables: tighten netlink attribute requirements for catch-all elements (2023-04-18 09:30:21 +0200)
----------------------------------------------------------------
Chen Aotian (1):
netfilter: nf_tables: Modify nla_memdup's flag to GFP_KERNEL_ACCOUNT
Florian Westphal (2):
netfilter: br_netfilter: fix recent physdev match breakage
netfilter: nf_tables: fix ifdef to also consider nf_tables=m
Pablo Neira Ayuso (2):
netfilter: nf_tables: validate catch-all set elements
netfilter: nf_tables: tighten netlink attribute requirements for catch-all elements
include/linux/skbuff.h | 5 +--
include/net/netfilter/nf_tables.h | 4 +++
net/bridge/br_netfilter_hooks.c | 17 ++++++----
net/netfilter/nf_tables_api.c | 69 ++++++++++++++++++++++++++++++++++-----
net/netfilter/nft_lookup.c | 36 +++-----------------
5 files changed, 83 insertions(+), 48 deletions(-)
