mbox

[net,0/2] Netfilter fixes for net

Message ID 20210209213511.23298-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

Message

Pablo Neira Ayuso Feb. 9, 2021, 9:35 p.m. UTC 
Hi,

The following patchset contains Netfilter fixes for net:

1) nf_conntrack_tuple_taken() needs to recheck zone for
   NAT clash resolution, from Florian Westphal.

2) Restore support for stateful expressions when set definition
   specifies no stateful expressions.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit ce7536bc7398e2ae552d2fabb7e0e371a9f1fe46:

  vsock/virtio: update credit only if socket is not closed (2021-02-08 13:27:46 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 664899e85c1312e51d2761e7f8b2f25d053e8489:

  netfilter: nftables: relax check for stateful expressions in set definition (2021-02-09 00:50:14 +0100)

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: conntrack: skip identical origin tuple in same zone only

Pablo Neira Ayuso (1):
      netfilter: nftables: relax check for stateful expressions in set definition

 net/netfilter/nf_conntrack_core.c |  3 ++-
 net/netfilter/nf_tables_api.c     | 28 +++++++++++++++-------------
 2 files changed, 17 insertions(+), 14 deletions(-)