mbox

[0/5] ipset patches for nf

Message ID 1540656343-822-1-git-send-email-kadlec@blackhole.kfki.hu
State Accepted
Delegated to: Pablo Neira
Headers show

Pull-request

git://blackhole.kfki.hu/nf ccf966c9418db9

Message

Jozsef Kadlecsik Oct. 27, 2018, 4:05 p.m. UTC 
Hi Pablo,

Please pull the next patches for the nf tree:

- Decrease refcount synchronously on deletion and replace by
  Stefano Brivio, which fixes the reference counter shown in
  userspace.
- Allow CIDR 0 in hash:net,port,net, which is documented but
  was unnecessarily disabled, from Eric Westbrook.
- Fix allocation failure when memory is fragmented, from Andrey Ryabinin.
- Correct rcu_dereference() call in ip_set_put_comment().
- Also, correct ip_set() macro calling at dumping with respect of held
  mutex or lock.

Best regards,
Jozsef

The following changes since commit a3fb3698cadf27dc142b24394c401625e14d80d0:

  netfilter: nf_flow_table: do not remove offload when other netns's interface is down (2018-10-19 13:30:48 +0200)

are available in the git repository at:

  git://blackhole.kfki.hu/nf ccf966c9418db9

for you to fetch changes up to ccf966c9418db93579b7fec4e1e7cfdd3a57a05c:

  netfilter: ipset: Fix calling ip_set() macro at dumping (2018-10-22 23:33:57 +0200)

----------------------------------------------------------------
Andrey Ryabinin (1):
      netfilter: ipset: fix ip_set_list allocation failure

Eric Westbrook (1):
      netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net

Jozsef Kadlecsik (2):
      netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
      netfilter: ipset: Fix calling ip_set() macro at dumping

Stefano Brivio (1):
      netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace

 include/linux/netfilter/ipset/ip_set.h         |  2 +-
 include/linux/netfilter/ipset/ip_set_comment.h |  4 +-
 net/netfilter/ipset/ip_set_core.c              | 54 ++++++++++++++++----------
 net/netfilter/ipset/ip_set_hash_netportnet.c   |  8 ++--
 net/netfilter/ipset/ip_set_list_set.c          | 17 +++++---
 5 files changed, 52 insertions(+), 33 deletions(-)

Comments

Pablo Neira Ayuso Oct. 29, 2018, 9:20 p.m. UTC | #1 
On Sat, Oct 27, 2018 at 06:05:38PM +0200, Jozsef Kadlecsik wrote:
> Hi Pablo,
> 
> Please pull the next patches for the nf tree:
> 
> - Decrease refcount synchronously on deletion and replace by
>   Stefano Brivio, which fixes the reference counter shown in
>   userspace.
> - Allow CIDR 0 in hash:net,port,net, which is documented but
>   was unnecessarily disabled, from Eric Westbrook.
> - Fix allocation failure when memory is fragmented, from Andrey Ryabinin.
> - Correct rcu_dereference() call in ip_set_put_comment().
> - Also, correct ip_set() macro calling at dumping with respect of held
>   mutex or lock.

Pulled, thanks Jozsef!