From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/14] Netfilter fixes for net
Date: Fri, 19 Jul 2019 18:45:03 +0200 [thread overview]
Message-ID: <20190719164517.29496-1-pablo@netfilter.org> (raw)
The following patchset contains Netfilter fixes for net:
1) Fix a deadlock when module is requested via netlink_bind()
in nfnetlink, from Florian Westphal.
2) Fix ipt_rpfilter and ip6t_rpfilter with VRF, from Miaohe Lin.
3) Skip master comparison in SIP helper to fix expectation clash
under two valid scenarios, from xiao ruizhu.
4) Remove obsolete comments in nf_conntrack codebase, from
Yonatan Goldschmidt.
5) Fix redirect extension module autoload, from Christian Hesse.
6) Fix incorrect mssg option sent to client in synproxy,
from Fernando Fernandez.
7) Fix incorrect window calculations in TCP conntrack, from
Florian Westphal.
8) Don't bail out when updating basechain policy due to recent
offload works, also from Florian.
9) Allow symhash to use modulus 1 as other hash extensions do,
from Laura.Garcia.
10) Missing NAT chain module autoload for the inet family,
from Phil Sutter.
11) Fix missing adjustment of TCP RST packet in synproxy,
from Fernando Fernandez.
12) Skip EAGAIN path when nft_meta_bridge is built-in or
not selected.
13) Conntrack bridge does not depend on nf_tables_bridge.
14) Turn NF_TABLES_BRIDGE into tristate to fix possible
link break of nft_meta_bridge, from Arnd Bergmann.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 76104862cccaeaa84fdd23e39f2610a96296291c:
sky2: Disable MSI on P5W DH Deluxe (2019-07-14 13:45:54 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to dfee0e99bcff718fa14d973c41f161220fdcb7d5:
netfilter: bridge: make NF_TABLES_BRIDGE tristate (2019-07-19 18:08:14 +0200)
----------------------------------------------------------------
Arnd Bergmann (1):
netfilter: bridge: make NF_TABLES_BRIDGE tristate
Christian Hesse (1):
netfilter: nf_tables: fix module autoload for redir
Fernando Fernandez Mancera (2):
netfilter: synproxy: fix erroneous tcp mss option
netfilter: synproxy: fix rst sequence number mismatch
Florian Westphal (3):
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
netfilter: conntrack: always store window size un-scaled
netfilter: nf_tables: don't fail when updating base chain policy
Laura Garcia Liebana (1):
netfilter: nft_hash: fix symhash with modulus one
Miaohe Lin (1):
netfilter: Fix rpfilter dropping vrf packets by mistake
Pablo Neira Ayuso (2):
netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module
netfilter: bridge: NF_CONNTRACK_BRIDGE does not depend on NF_TABLES_BRIDGE
Phil Sutter (1):
netfilter: nf_tables: Support auto-loading for inet nat
Yonatan Goldschmidt (1):
netfilter: Update obsolete comments referring to ip_conntrack
xiao ruizhu (1):
netfilter: nf_conntrack_sip: fix expectation clash
include/linux/netfilter/nf_conntrack_h323_asn1.h | 3 +--
include/net/netfilter/nf_conntrack_expect.h | 12 ++++++++---
include/net/netfilter/nf_conntrack_synproxy.h | 1 +
net/bridge/netfilter/Kconfig | 6 +++---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 ++--
net/ipv4/netfilter/ipt_SYNPROXY.c | 2 ++
net/ipv4/netfilter/ipt_rpfilter.c | 1 +
net/ipv4/netfilter/nf_nat_h323.c | 12 +++++------
net/ipv6/netfilter/ip6t_SYNPROXY.c | 2 ++
net/ipv6/netfilter/ip6t_rpfilter.c | 8 ++++++--
net/netfilter/Kconfig | 6 ++----
net/netfilter/ipvs/ip_vs_nfct.c | 2 +-
net/netfilter/nf_conntrack_amanda.c | 2 +-
net/netfilter/nf_conntrack_broadcast.c | 2 +-
net/netfilter/nf_conntrack_core.c | 4 +---
net/netfilter/nf_conntrack_expect.c | 26 +++++++++++++++++-------
net/netfilter/nf_conntrack_ftp.c | 2 +-
net/netfilter/nf_conntrack_h323_asn1.c | 5 ++---
net/netfilter/nf_conntrack_h323_main.c | 18 ++++++++--------
net/netfilter/nf_conntrack_irc.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 4 ++--
net/netfilter/nf_conntrack_pptp.c | 4 ++--
net/netfilter/nf_conntrack_proto_gre.c | 2 --
net/netfilter/nf_conntrack_proto_icmp.c | 2 +-
net/netfilter/nf_conntrack_proto_tcp.c | 8 +++++---
net/netfilter/nf_conntrack_sane.c | 2 +-
net/netfilter/nf_conntrack_sip.c | 10 ++++++---
net/netfilter/nf_conntrack_tftp.c | 2 +-
net/netfilter/nf_nat_amanda.c | 2 +-
net/netfilter/nf_nat_core.c | 2 +-
net/netfilter/nf_nat_ftp.c | 2 +-
net/netfilter/nf_nat_irc.c | 2 +-
net/netfilter/nf_nat_sip.c | 8 +++++---
net/netfilter/nf_nat_tftp.c | 2 +-
net/netfilter/nf_synproxy_core.c | 8 ++++----
net/netfilter/nf_tables_api.c | 2 ++
net/netfilter/nfnetlink.c | 2 +-
net/netfilter/nft_chain_filter.c | 2 +-
net/netfilter/nft_chain_nat.c | 3 +++
net/netfilter/nft_ct.c | 2 +-
net/netfilter/nft_hash.c | 2 +-
net/netfilter/nft_meta.c | 2 +-
net/netfilter/nft_redir.c | 2 +-
net/netfilter/nft_synproxy.c | 2 ++
44 files changed, 117 insertions(+), 82 deletions(-)
next reply other threads:[~2019-07-19 16:45 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-19 16:45 Pablo Neira Ayuso [this message]
2019-07-19 16:45 ` [PATCH 01/14] netfilter: nfnetlink: avoid deadlock due to synchronous request_module Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 02/14] netfilter: Fix rpfilter dropping vrf packets by mistake Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 03/14] netfilter: nf_conntrack_sip: fix expectation clash Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 04/14] netfilter: Update obsolete comments referring to ip_conntrack Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 05/14] netfilter: nf_tables: fix module autoload for redir Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 06/14] netfilter: synproxy: fix erroneous tcp mss option Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 07/14] netfilter: conntrack: always store window size un-scaled Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 08/14] netfilter: nf_tables: don't fail when updating base chain policy Pablo Neira Ayuso
2019-07-19 16:45 ` [PATCH 09/14] netfilter: nft_hash: fix symhash with modulus one Pablo Neira Ayuso
2019-07-20 4:25 ` [PATCH 00/14] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2018-11-05 23:28 Pablo Neira Ayuso
2018-11-06 1:19 ` David Miller
2017-01-26 16:37 Pablo Neira Ayuso
2017-01-26 17:59 ` David Miller
2016-11-10 0:23 Pablo Neira Ayuso
2016-11-10 1:38 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190719164517.29496-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).