From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/7] Netfilter/IPVS fixes for net
Date: Mon, 28 Jan 2019 15:03:58 +0100 [thread overview]
Message-ID: <20190128140405.15020-1-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter/IPVS fixes for your net tree:
1) The nftnl mutex is now per-netns, therefore use reference counter
for matches and targets to deal with concurrent updates from netns.
Moreover, place extensions in a pernet list. Patches from Florian Westphal.
2) Bail out with EINVAL in case of negative timeouts via setsockopt()
through ip_vs_set_timeout(), from ZhangXiaoxu.
3) Spurious EINVAL on ebtables 32bit binary with 64bit kernel, also
from Florian.
4) Reset TCP option header parser in case of fingerprint mismatch,
otherwise follow up overlapping fingerprint definitions including
TCP options do not work, from Fernando Fernandez Mancera.
5) Compilation warning in ipt_CLUSTER with CONFIG_PROC_FS unset.
From Anders Roxell.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 88a8121dc1d3d0dbddd411b79ed236b6b6ea415c:
af_packet: fix raw sockets over 6in4 tunnel (2019-01-17 15:54:45 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 206b8cc514d7ff2b79dd2d5ad939adc7c493f07a:
netfilter: ipt_CLUSTERIP: fix warning unused variable cn (2019-01-28 11:09:12 +0100)
----------------------------------------------------------------
Anders Roxell (1):
netfilter: ipt_CLUSTERIP: fix warning unused variable cn
Fernando Fernandez Mancera (1):
netfilter: nfnetlink_osf: add missing fmatch check
Florian Westphal (4):
netfilter: nft_compat: use refcnt_t type for nft_xt reference count
netfilter: nft_compat: make lists per netns
netfilter: nft_compat: destroy function must not have side effects
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
ZhangXiaoxu (1):
ipvs: Fix signed integer overflow when setsockopt timeout
net/bridge/netfilter/ebtables.c | 9 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/netfilter/ipvs/ip_vs_ctl.c | 12 +++
net/netfilter/nfnetlink_osf.c | 4 +
net/netfilter/nft_compat.c | 189 ++++++++++++++++++++++++++++---------
5 files changed, 165 insertions(+), 51 deletions(-)
next reply other threads:[~2019-01-28 14:03 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-28 14:03 Pablo Neira Ayuso [this message]
2019-01-28 14:03 ` [PATCH 1/7] netfilter: nft_compat: use refcnt_t type for nft_xt reference count Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 2/7] netfilter: nft_compat: make lists per netns Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 3/7] netfilter: nft_compat: destroy function must not have side effects Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 4/7] ipvs: Fix signed integer overflow when setsockopt timeout Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 5/7] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 6/7] netfilter: nfnetlink_osf: add missing fmatch check Pablo Neira Ayuso
2019-01-28 14:04 ` [PATCH 7/7] netfilter: ipt_CLUSTERIP: fix warning unused variable cn Pablo Neira Ayuso
2019-01-28 18:52 ` [PATCH 0/7] Netfilter/IPVS fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2015-03-05 20:48 Pablo Neira Ayuso
2015-03-06 2:51 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190128140405.15020-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).