Hi,
The following patchset contains Netfilter fixes for net:
1) Add missing netfilter modules description to fix W=1, from Florian Westphal.
2) Fix catch-all element GC with timeout when use with the pipapo set
backend, this remained broken since I tried to fix it this summer,
then another attempt to fix it recently.
3) Add missing IPVS modules descriptions to fix W=1, also from Florian.
4) xt_recent allocated a too small buffer to store an IPv4-mapped IPv6
address which can be parsed by in6_pton(), from Maciej Zenczykowski.
Broken for many releases.
5) Skip IPv4-mapped IPv6, IPv4-compat IPv6, site/link local scoped IPv6
addressses to set up IPv6 NAT redirect, also from Florian. This is
broken since 2012.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-23-11-08
Thanks.
----------------------------------------------------------------
The following changes since commit d93f9528573e1d419b69ca5ff4130201d05f6b90:
nfsd: regenerate user space parsers after ynl-gen changes (2023-11-06 09:03:46 +0000)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-11-08
for you to fetch changes up to 80abbe8a8263106fe45a4f293b92b5c74cc9cc8a:
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (2023-11-08 16:40:30 +0100)
----------------------------------------------------------------
netfilter pull request 23-11-08
----------------------------------------------------------------
Florian Westphal (3):
netfilter: add missing module descriptions
ipvs: add missing module descriptions
netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
Maciej Żenczykowski (1):
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
Pablo Neira Ayuso (1):
netfilter: nf_tables: remove catchall element in GC sync path
net/bridge/netfilter/ebtable_broute.c | 1 +
net/bridge/netfilter/ebtable_filter.c | 1 +
net/bridge/netfilter/ebtable_nat.c | 1 +
net/bridge/netfilter/ebtables.c | 1 +
net/bridge/netfilter/nf_conntrack_bridge.c | 1 +
net/ipv4/netfilter/iptable_nat.c | 1 +
net/ipv4/netfilter/iptable_raw.c | 1 +
net/ipv4/netfilter/nf_defrag_ipv4.c | 1 +
net/ipv4/netfilter/nf_reject_ipv4.c | 1 +
net/ipv6/netfilter/ip6table_nat.c | 1 +
net/ipv6/netfilter/ip6table_raw.c | 1 +
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 1 +
net/ipv6/netfilter/nf_reject_ipv6.c | 1 +
net/netfilter/ipvs/ip_vs_core.c | 1 +
net/netfilter/ipvs/ip_vs_dh.c | 1 +
net/netfilter/ipvs/ip_vs_fo.c | 1 +
net/netfilter/ipvs/ip_vs_ftp.c | 1 +
net/netfilter/ipvs/ip_vs_lblc.c | 1 +
net/netfilter/ipvs/ip_vs_lblcr.c | 1 +
net/netfilter/ipvs/ip_vs_lc.c | 1 +
net/netfilter/ipvs/ip_vs_nq.c | 1 +
net/netfilter/ipvs/ip_vs_ovf.c | 1 +
net/netfilter/ipvs/ip_vs_pe_sip.c | 1 +
net/netfilter/ipvs/ip_vs_rr.c | 1 +
net/netfilter/ipvs/ip_vs_sed.c | 1 +
net/netfilter/ipvs/ip_vs_sh.c | 1 +
net/netfilter/ipvs/ip_vs_twos.c | 1 +
net/netfilter/ipvs/ip_vs_wlc.c | 1 +
net/netfilter/ipvs/ip_vs_wrr.c | 1 +
net/netfilter/nf_conntrack_broadcast.c | 1 +
net/netfilter/nf_conntrack_netlink.c | 1 +
net/netfilter/nf_conntrack_proto.c | 1 +
net/netfilter/nf_nat_core.c | 1 +
net/netfilter/nf_nat_redirect.c | 27 ++++++++++++++++++++++++++-
net/netfilter/nf_tables_api.c | 23 ++++++++++++++++++-----
net/netfilter/nfnetlink_osf.c | 1 +
net/netfilter/nft_chain_nat.c | 1 +
net/netfilter/nft_fib.c | 1 +
net/netfilter/nft_fwd_netdev.c | 1 +
net/netfilter/xt_recent.c | 2 +-
40 files changed, 82 insertions(+), 7 deletions(-)
