[PATCH 0/4] ipset patches for nf-next

Tue, 05 Jun 2018 04:09:02 -0700 

Hi Pablo,

Please pull the next patches for nf-next:

- Check hook mask for unsupported hooks instead of supported ones in xt_set.
  (Serhey Popovych).
- List/save just timing out entries with "timeout 1" instead of "timeout 0":
  zero timeout value means permanent entries. When restoring the elements,
  we'd add non-timing out entries. Fixes netfilter bugzilla id #1258.
- Limit max timeout value to (UINT_MAX >> 1)/MSEC_PER_SEC due to the negative
  value condition in msecs_to_jiffies(). msecs_to_jiffies() should be revised:
  if one wants to set the timeout above 2147483, msecs_to_jiffies() sets
  the value to 4294967. (Reported by Maxim Masiutin).
- Forbid family for hash:mac sets in the kernel module: ipset userspace tool
  enforces it but third party tools could create sets with this parameter. Such
  sets then cannot be listed/saved with ipset itself. (Florent Fourcot)

Best regards,
Jozsef

The following changes since commit f624434a0ec96ac338f10f3f7f5a2ef287dd597e:

  Merge tag 'wireless-drivers-next-for-davem-2018-05-31' of 
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next 
(2018-06-03 11:03:10 -0400)

are available in the git repository at:

  git://blackhole.kfki.hu/nf-next 96569e20b

for you to fetch changes up to 96569e20b472394072c40c41548a37f14bc10882:

  netfilter: ipset: forbid family for hash:mac sets (2018-06-05 12:41:29 +0200)

----------------------------------------------------------------
Florent Fourcot (1):
      netfilter: ipset: forbid family for hash:mac sets

Jozsef Kadlecsik (2):
      netfilter: ipset: List timing out entries with "timeout 1" instead of zero
      netfilter: ipset: Limit max timeout value

Serhey Popovych (1):
      netfilter: xt_set: Check hook mask correctly

 include/linux/netfilter/ipset/ip_set_timeout.h | 20 ++++++++++++++------
 net/netfilter/ipset/ip_set_hash_gen.h          |  5 ++++-
 net/netfilter/xt_set.c                         | 10 +++++-----
 3 files changed, 23 insertions(+), 12 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to