| Message ID | 20210202152156.25979-1-pablo@netfilter.org |
|---|---|
| State | Not Applicable |
| Delegated to: | Pablo Neira |
| Headers | show |
Please, scratch this. My robot resent an old pull request that was stale on my submission folder. Sorry for the noise. On Tue, Feb 02, 2021 at 04:21:52PM +0100, Pablo Neira Ayuso wrote: > Hi, > > The following patchset contains Netfilter fixes for net: > > 1) Honor stateful expressions defined in the set from the dynset > extension. The set definition provides a stateful expression > that must be used by the dynset expression in case it is specified. > > 2) Missing timeout extension in the set element in the dynset > extension leads to inconsistent ruleset listing, not allowing > the user to restore timeout and expiration on ruleset reload. > > 3) Do not dump the stateful expression from the dynset extension > if it coming from the set definition. > > Please, pull these changes from: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git > > Thanks! > > ---------------------------------------------------------------- > > The following changes since commit c8a8ead01736419a14c3106e1f26a79d74fc84c7: > > Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf (2021-01-12 20:25:29 -0800) > > are available in the Git repository at: > > git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD > > for you to fetch changes up to ce5379963b2884e9d23bea0c5674a7251414c84b: > > netfilter: nft_dynset: dump expressions when set definition contains no expressions (2021-01-16 19:54:42 +0100) > > ---------------------------------------------------------------- > Pablo Neira Ayuso (3): > netfilter: nft_dynset: honor stateful expressions in set definition > netfilter: nft_dynset: add timeout extension to template > netfilter: nft_dynset: dump expressions when set definition contains no expressions > > include/net/netfilter/nf_tables.h | 2 ++ > net/netfilter/nf_tables_api.c | 5 ++--- > net/netfilter/nft_dynset.c | 41 +++++++++++++++++++++++++-------------- > 3 files changed, 30 insertions(+), 18 deletions(-)
Hi, The following patchset contains Netfilter fixes for net: 1) Honor stateful expressions defined in the set from the dynset extension. The set definition provides a stateful expression that must be used by the dynset expression in case it is specified. 2) Missing timeout extension in the set element in the dynset extension leads to inconsistent ruleset listing, not allowing the user to restore timeout and expiration on ruleset reload. 3) Do not dump the stateful expression from the dynset extension if it coming from the set definition. Please, pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git Thanks! ---------------------------------------------------------------- The following changes since commit c8a8ead01736419a14c3106e1f26a79d74fc84c7: Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf (2021-01-12 20:25:29 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD for you to fetch changes up to ce5379963b2884e9d23bea0c5674a7251414c84b: netfilter: nft_dynset: dump expressions when set definition contains no expressions (2021-01-16 19:54:42 +0100) ---------------------------------------------------------------- Pablo Neira Ayuso (3): netfilter: nft_dynset: honor stateful expressions in set definition netfilter: nft_dynset: add timeout extension to template netfilter: nft_dynset: dump expressions when set definition contains no expressions include/net/netfilter/nf_tables.h | 2 ++ net/netfilter/nf_tables_api.c | 5 ++--- net/netfilter/nft_dynset.c | 41 +++++++++++++++++++++++++-------------- 3 files changed, 30 insertions(+), 18 deletions(-)