[PATCH -stable,5.15.x 0/5] Netfilter fixes for -stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Greg, Sasha,

This batch contains a backport for recent fixes already upstream for 5.15.x.

The following list shows the backported patches, I am using original commit
IDs for reference:

1) b53c11664250 ("netfilter: nf_tables: set element extended ACK reporting support")

   This improves error reporting when adding more than one single element to set,
   it is not specifically fixing up a crash.

2) 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout")

3) 3c13725f43dc ("netfilter: nf_tables: bail out if stateful expression provides no .clone")

4) fa23e0d4b756 ("netfilter: nf_tables: allow clone callbacks to sleep")

5) cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate")

Please, apply,
Thanks

Florian Westphal (2):
  netfilter: nf_tables: allow clone callbacks to sleep
  netfilter: nf_tables: prefer nft_chain_validate

Pablo Neira Ayuso (3):
  netfilter: nf_tables: set element extended ACK reporting support
  netfilter: nf_tables: use timestamp to check for set element timeout
  netfilter: nf_tables: bail out if stateful expression provides no .clone

 include/net/netfilter/nf_tables.h |  20 +++-
 net/netfilter/nf_tables_api.c     | 188 ++++++------------------------
 net/netfilter/nft_connlimit.c     |   4 +-
 net/netfilter/nft_counter.c       |   4 +-
 net/netfilter/nft_dynset.c        |   2 +-
 net/netfilter/nft_last.c          |   4 +-
 net/netfilter/nft_limit.c         |  14 ++-
 net/netfilter/nft_quota.c         |   4 +-
 net/netfilter/nft_set_hash.c      |   8 +-
 net/netfilter/nft_set_pipapo.c    |  18 +--
 net/netfilter/nft_set_rbtree.c    |   6 +-
 11 files changed, 90 insertions(+), 182 deletions(-)

--
2.30.2





[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux