Hi,
The following patchset contains Netfilter fixes for net:
1) Fix UAF when releasing netnamespace, from Florian Westphal.
2) Fix possible BUG_ON when nf_conntrack is enabled with enable_hooks,
from Florian Westphal.
3) Fixes for nft_flowtable.sh selftest, from Boris Sukholitko.
4) Extend nft_flowtable.sh selftest to cover integration with
ingress/egress hooks, from Florian Westphal.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-23-05-10
Thanks.
----------------------------------------------------------------
The following changes since commit 582dbb2cc1a0a7427840f5b1e3c65608e511b061:
net: phy: bcm7xx: Correct read from expansion register (2023-05-09 20:25:52 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-05-10
for you to fetch changes up to 3acf8f6c14d0e42b889738d63b6d9cb63348fc94:
selftests: nft_flowtable.sh: check ingress/egress chain too (2023-05-10 09:31:07 +0200)
----------------------------------------------------------------
netfilter pull request 23-05-10
----------------------------------------------------------------
Boris Sukholitko (4):
selftests: nft_flowtable.sh: use /proc for pid checking
selftests: nft_flowtable.sh: no need for ps -x option
selftests: nft_flowtable.sh: wait for specific nc pids
selftests: nft_flowtable.sh: monitor result file sizes
Florian Westphal (3):
netfilter: nf_tables: always release netdev hooks from notifier
netfilter: conntrack: fix possible bug_on with enable_hooks=1
selftests: nft_flowtable.sh: check ingress/egress chain too
net/netfilter/core.c | 6 +-
net/netfilter/nf_conntrack_standalone.c | 3 +-
net/netfilter/nft_chain_filter.c | 9 +-
tools/testing/selftests/netfilter/nft_flowtable.sh | 145 ++++++++++++++++++++-
4 files changed, 151 insertions(+), 12 deletions(-)
