Hi,
The following patchset contains Netfilter fixes for net:
1) Fix incorrect documentation in uapi/linux/netfilter/nf_tables.h
regarding flowtable hooks, from Phil Sutter.
2) Fix nft_audit.sh selftests with newer nft binaries, due to different
(valid) audit output, also from Phil.
3) Disable BH when duplicating packets via nf_dup infrastructure,
otherwise race on nf_skb_duplicated for locally generated traffic.
From Eric.
4) Missing return in callback of selftest C program, from zhang jiao.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-02
Thanks.
----------------------------------------------------------------
The following changes since commit aef3a58b06fa9d452ba863999ac34be1d0c65172:
Merge tag 'nf-24-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (2024-09-26 15:47:11 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-02
for you to fetch changes up to 10dbd23633f0433f8d13c2803d687b36a675ef60:
selftests: netfilter: Add missing return value (2024-09-27 13:59:12 +0200)
----------------------------------------------------------------
netfilter pull request 24-10-02
----------------------------------------------------------------
Eric Dumazet (1):
netfilter: nf_tables: prevent nf_skb_duplicated corruption
Phil Sutter (2):
netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED
selftests: netfilter: Fix nft_audit.sh for newer nft binaries
zhang jiao (1):
selftests: netfilter: Add missing return value
include/uapi/linux/netfilter/nf_tables.h | 2 +-
net/ipv4/netfilter/nf_dup_ipv4.c | 7 ++-
net/ipv6/netfilter/nf_dup_ipv6.c | 7 ++-
.../selftests/net/netfilter/conntrack_dump_flush.c | 1 +
tools/testing/selftests/net/netfilter/nft_audit.sh | 57 +++++++++++-----------
5 files changed, 41 insertions(+), 33 deletions(-)
