From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net 0/6] Netfilter fixes for net
Date: Fri, 4 Feb 2022 16:18:56 +0100 [thread overview]
Message-ID: <20220204151903.320786-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains Netfilter fixes for net:
1) Don't refresh timeout for SCTP flows in CLOSED state.
2) Don't allow access to transport header if fragment offset is set on.
3) Reinitialize internal conntrack state for retransmitted TCP
syn-ack packet.
4) Update MAINTAINER file to add the Netfilter group tree. Moving
forward, Florian Westphal has access to this tree so he can also
send pull requests.
5) Set on IPS_HELPER for entries created via ctnetlink, otherwise NAT
might zap it.
All patches from Florian Westphal.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit ed14fc7a79ab43e9f2cb1fa9c1733fdc133bba30:
net: sparx5: Fix get_stat64 crash in tcpdump (2022-02-03 19:01:15 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to d1ca60efc53d665cf89ed847a14a510a81770b81:
netfilter: ctnetlink: disable helper autoassign (2022-02-04 05:39:57 +0100)
----------------------------------------------------------------
Florian Westphal (6):
netfilter: conntrack: don't refresh sctp entries in closed state
netfilter: nft_payload: don't allow th access for fragments
netfilter: conntrack: move synack init code to helper
netfilter: conntrack: re-init state for retransmitted syn-ack
MAINTAINERS: netfilter: update git links
netfilter: ctnetlink: disable helper autoassign
MAINTAINERS | 4 +-
include/uapi/linux/netfilter/nf_conntrack_common.h | 2 +-
net/netfilter/nf_conntrack_netlink.c | 3 +-
net/netfilter/nf_conntrack_proto_sctp.c | 9 ++++
net/netfilter/nf_conntrack_proto_tcp.c | 59 +++++++++++++++-------
net/netfilter/nft_exthdr.c | 2 +-
net/netfilter/nft_payload.c | 9 ++--
7 files changed, 61 insertions(+), 27 deletions(-)
next reply other threads:[~2022-02-04 15:19 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-04 15:18 Pablo Neira Ayuso [this message]
2022-02-04 15:18 ` [PATCH net 1/6] netfilter: conntrack: don't refresh sctp entries in closed state Pablo Neira Ayuso
2022-02-04 17:40 ` patchwork-bot+netdevbpf
2022-02-04 15:18 ` [PATCH nf-next] netfilter: nft_cmp: optimize comparison for up to 16-bytes Pablo Neira Ayuso
2022-02-05 1:17 ` kernel test robot
2022-02-04 15:18 ` [PATCH net 2/6] netfilter: nft_payload: don't allow th access for fragments Pablo Neira Ayuso
2022-02-04 15:19 ` [PATCH net 3/6] netfilter: conntrack: move synack init code to helper Pablo Neira Ayuso
2022-02-04 15:19 ` [PATCH net 4/6] netfilter: conntrack: re-init state for retransmitted syn-ack Pablo Neira Ayuso
2022-02-04 15:19 ` [PATCH net 5/6] MAINTAINERS: netfilter: update git links Pablo Neira Ayuso
2022-02-04 15:19 ` [PATCH net 6/6] netfilter: ctnetlink: disable helper autoassign Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2024-12-05 0:28 [PATCH net 0/6] Netfilter fixes for net Pablo Neira Ayuso
2024-05-22 23:13 Pablo Neira Ayuso
2024-04-04 10:43 Pablo Neira Ayuso
2024-01-31 22:59 Pablo Neira Ayuso
2024-01-24 19:12 Pablo Neira Ayuso
2023-12-06 18:03 Pablo Neira Ayuso
2023-11-15 18:45 Pablo Neira Ayuso
2023-07-05 23:04 Pablo Neira Ayuso
2023-06-27 6:52 Pablo Neira Ayuso
2022-02-10 23:10 Pablo Neira Ayuso
2021-07-23 15:54 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220204151903.320786-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).