Eric Woudstra <[email protected]> wrote: > > include/net/netfilter/nf_tables_ipv4.h | 21 +++-- > > include/net/netfilter/nf_tables_ipv6.h | 21 +++-- > > net/bridge/netfilter/nf_conntrack_bridge.c | 92 ++++++++++++++++++---- > > net/netfilter/nft_chain_filter.c | 59 ++++++++++++-- > > net/netfilter/utils.c | 28 +++++-- > > 5 files changed, 176 insertions(+), 45 deletions(-) > > > > Can I kindly ask, what is the status of this patch-set?
Rotting, sorry. At this time most of the patchwork queue management is done by me, there are several other patchsets also vying for attention and syzbot just reported UaF regression in rbtree, so I will be busy with that for a while. I decided to defer this: 1. There were no other 'Please lets apply this' reviews so far 2. We are close to a new kernel release, hence time window to accept features as opposed to fixes is shrinking. 3. You patchset changes how packets get processed both by conntrack and nf_tables bridge family. Yes, its done as-advertised but still, this has known impact. Hence I would prefer to apply this early in the cycle not at the last minute. Futhermore its a change that, if it causes issues down the road, might back us into a corner where we can neither fix things in a backwards compatible way without breaking the new feature. In case there is no further feedback by the time the next development cycle starts I will apply this series as-is (or ask for a rebase in case its no longer applicable). I apologize for the inconvenience.
