| Message ID | 20191106111237.3183-1-pablo@netfilter.org |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Wed, 6 Nov 2019 12:12:28 +0100 > The following patchset contains Netfilter fixes for net: > > 1) Missing register size validation in bitwise and cmp offloads. > > 2) Fix error code in ip_set_sockfn_get() when copy_to_user() fails, > from Dan Carpenter. > > 3) Oneliner to copy MAC address in IPv6 hash:ip,mac sets, from > Stefano Brivio. > > 4) Missing policy validation in ipset with NL_VALIDATE_STRICT, > from Jozsef Kadlecsik. > > 5) Fix unaligned access to private data area of nf_tables instructions, > from Lukas Wunner. > > 6) Relax check for object updates, reported as a regression by > Eric Garver, patch from Fernando Fernandez Mancera. > > 7) Crash on ebtables dnat extension when used from the output path. > From Florian Westphal. > > 8) Fix bogus EOPNOTSUPP when updating basechain flags. > > 9) Fix bogus EBUSY when updating a basechain that is already offloaded. > > You can pull these changes from: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git Pulled, thanks Pablo.
Hi David, The following patchset contains Netfilter fixes for net: 1) Missing register size validation in bitwise and cmp offloads. 2) Fix error code in ip_set_sockfn_get() when copy_to_user() fails, from Dan Carpenter. 3) Oneliner to copy MAC address in IPv6 hash:ip,mac sets, from Stefano Brivio. 4) Missing policy validation in ipset with NL_VALIDATE_STRICT, from Jozsef Kadlecsik. 5) Fix unaligned access to private data area of nf_tables instructions, from Lukas Wunner. 6) Relax check for object updates, reported as a regression by Eric Garver, patch from Fernando Fernandez Mancera. 7) Crash on ebtables dnat extension when used from the output path. From Florian Westphal. 8) Fix bogus EOPNOTSUPP when updating basechain flags. 9) Fix bogus EBUSY when updating a basechain that is already offloaded. You can pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git Thanks. ---------------------------------------------------------------- The following changes since commit 1204c70d9dcba31164f78ad5d8c88c42335d51f8: Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2019-11-01 17:48:11 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD for you to fetch changes up to 774e4d34dbebc9dc441535c4712794d336a9478c: Merge branch 'master' of git://blackhole.kfki.hu/nf (2019-11-04 20:59:00 +0100) ---------------------------------------------------------------- Dan Carpenter (1): netfilter: ipset: Fix an error code in ip_set_sockfn_get() Fernando Fernandez Mancera (1): netfilter: nf_tables: fix unexpected EOPNOTSUPP error Florian Westphal (1): bridge: ebtables: don't crash when using dnat target in output chains Jozsef Kadlecsik (1): netfilter: ipset: Fix nla_policies to fully support NL_VALIDATE_STRICT Lukas Wunner (1): netfilter: nf_tables: Align nft_expr private data to 64-bit Pablo Neira Ayuso (4): netfilter: nf_tables_offload: check for register data length mismatches netfilter: nf_tables: bogus EOPNOTSUPP on basechain update netfilter: nf_tables_offload: skip EBUSY on chain update Merge branch 'master' of git://blackhole.kfki.hu/nf Stefano Brivio (1): netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets include/net/netfilter/nf_tables.h | 3 +- net/bridge/netfilter/ebt_dnat.c | 19 ++++++++++--- net/netfilter/ipset/ip_set_core.c | 49 +++++++++++++++++++++----------- net/netfilter/ipset/ip_set_hash_ipmac.c | 2 +- net/netfilter/ipset/ip_set_hash_net.c | 1 + net/netfilter/ipset/ip_set_hash_netnet.c | 1 + net/netfilter/nf_tables_api.c | 7 ++--- net/netfilter/nf_tables_offload.c | 3 +- net/netfilter/nft_bitwise.c | 5 ++-- net/netfilter/nft_cmp.c | 2 +- 10 files changed, 62 insertions(+), 30 deletions(-)