From: Pablo Neira Ayuso
Date: Tue, 8 Sep 2020 17:09:42 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Allow conntrack entries with l3num == NFPROTO_IPV4 or == NFPROTO_IPV6
>only via ctnetlink, from Will McVicker.
>
> 2) Batch notifications to userspace to improve n
Hi,
The following patchset contains Netfilter fixes for net:
1) Allow conntrack entries with l3num == NFPROTO_IPV4 or == NFPROTO_IPV6
only via ctnetlink, from Will McVicker.
2) Batch notifications to userspace to improve netlink socket receive
utilization.
3) Restore mark based dump filte
From: Pablo Neira Ayuso
Date: Tue, 4 Aug 2020 22:02:03 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Flush the cleanup xtables worker to make sure destructors
>have completed, from Florian Westphal.
>
> 2) iifgroup is matching erroneously, also from Florian.
>
>
Hi,
The following patchset contains Netfilter fixes for net:
1) Flush the cleanup xtables worker to make sure destructors
have completed, from Florian Westphal.
2) iifgroup is matching erroneously, also from Florian.
3) Add selftest for meta interface matching, from Florian Westphal.
4) Mov
From: Pablo Neira Ayuso
Date: Tue, 26 May 2020 22:10:23 +0200
> If it's still possible, it would be good to toss this pull request.
>
> Otherwise, I will send another pull request to address the kbuild
> reports.
Unfortunately I pushed it out already, please send me follow-ups.
Thanks.
On Mon, May 25, 2020 at 06:29:01PM -0700, David Miller wrote:
> From: Pablo Neira Ayuso
> Date: Mon, 25 May 2020 23:54:15 +0200
>
> > The following patchset contains Netfilter fixes for net:
> >
> > 1) Set VLAN tag in tcp reset/icmp unreachable packets to reject
> >connections in the bridge
From: Pablo Neira Ayuso
Date: Mon, 25 May 2020 23:54:15 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Set VLAN tag in tcp reset/icmp unreachable packets to reject
>connections in the bridge family, from Michael Braun.
>
> 2) Incorrect subcounter flag update in ipse
Hi,
The following patchset contains Netfilter fixes for net:
1) Set VLAN tag in tcp reset/icmp unreachable packets to reject
connections in the bridge family, from Michael Braun.
2) Incorrect subcounter flag update in ipset, from Phil Sutter.
3) Possible buffer overflow in the pptp conntrack
From: Pablo Neira Ayuso
Date: Wed, 25 Sep 2019 22:29:58 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Add NFT_CHAIN_POLICY_UNSET to replace hardcoded -1 to
>specify that the chain policy is unset. The chain policy
>field is actually defined as an 8-bit unsigned
Hi,
The following patchset contains Netfilter fixes for net:
1) Add NFT_CHAIN_POLICY_UNSET to replace hardcoded -1 to
specify that the chain policy is unset. The chain policy
field is actually defined as an 8-bit unsigned integer.
2) Remove always true condition reported by smatch in
ch
From: Pablo Neira Ayuso
Date: Wed, 4 Sep 2019 21:36:41 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) br_netfilter drops IPv6 packets if ipv6 is disabled, from Leonardo Bras.
>
> 2) nft_socket hits BUG() due to illegal skb->sk caching, patch from
>Fernando Fernande
Hi,
The following patchset contains Netfilter fixes for net:
1) br_netfilter drops IPv6 packets if ipv6 is disabled, from Leonardo Bras.
2) nft_socket hits BUG() due to illegal skb->sk caching, patch from
Fernando Fernandez Mancera.
3) nft_fib_netdev could be called with ipv6 disabled, leadi
From: Pablo Neira Ayuso
Date: Fri, 30 Aug 2019 14:06:59 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Spurious warning when loading rules using the physdev match,
>from Todd Seidelmann.
>
> 2) Fix FTP conntrack helper debugging output, from Thomas Jarosch.
>
> 3)
Hi,
The following patchset contains Netfilter fixes for net:
1) Spurious warning when loading rules using the physdev match,
from Todd Seidelmann.
2) Fix FTP conntrack helper debugging output, from Thomas Jarosch.
3) Restore per-netns nf_conntrack_{acct,helper,timeout} sysctl knobs,
from
From: Pablo Neira Ayuso
Date: Mon, 19 Aug 2019 20:49:06 +0200
> The following patchset contains Netfilter fixes for net:
>
> 1) Remove IP MASQUERADING record in MAINTAINERS file,
>from Denis Efremov.
>
> 2) Counter arguments are swapped in ebtables, from
>Todd Seidelmann.
>
> 3) Missin
Hi,
The following patchset contains Netfilter fixes for net:
1) Remove IP MASQUERADING record in MAINTAINERS file,
from Denis Efremov.
2) Counter arguments are swapped in ebtables, from
Todd Seidelmann.
3) Missing netlink attribute validation in flow_offload
extension.
4) Incorrect al
From: Pablo Neira Ayuso
Date: Thu, 13 Dec 2018 02:06:26 +0100
> The following patchset contains Netfilter fixes for net:
>
> 1) Fix warnings suspicious rcu usage when handling base chain
>statistics, from Taehee Yoo.
>
> 2) Refetch pointer to tcp header from nf_ct_sack_adjust() since
>s
Hi David,
The following patchset contains Netfilter fixes for net:
1) Fix warnings suspicious rcu usage when handling base chain
statistics, from Taehee Yoo.
2) Refetch pointer to tcp header from nf_ct_sack_adjust() since
skb_make_writable() may reallocate data area, reported by Google
From: Pablo Neira Ayuso
Date: Mon, 12 Mar 2018 17:15:59 +0100
> The following patchset contains Netfilter fixes for your net tree, they are:
>
> 1) Fixed hashtable representation doesn't support timeout flag, skip it
>otherwise rules to add elements from the packet fail bogusly fail with
>
Hi David,
The following patchset contains Netfilter fixes for your net tree, they are:
1) Fixed hashtable representation doesn't support timeout flag, skip it
otherwise rules to add elements from the packet fail bogusly fail with
EOPNOTSUPP.
2) Fix bogus error with 32-bits ebtables userspa
From: Pablo Neira Ayuso
Date: Thu, 24 Aug 2017 16:43:26 +0200
> The following patchset contains Netfilter fixes for your net tree,
> they are:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thanks.
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Fix use after free of struct proc_dir_entry in ipt_CLUSTERIP, patch
from Sabrina Dubroca.
2) Fix spurious EINVAL errors from iptables over nft compatibility layer.
3) Reload pointer to ip header only if
From: Florian Westphal
Date: Tue, 18 Jul 2017 23:11:57 +0200
> David Miller wrote:
>> What about that change Eric Dumazet was talking about with Florian
>> that stopped instantiating conntrack by default in new namespaces?
>
> Seems more appropriate for -next. If you prefer net instead, let me
David Miller wrote:
> What about that change Eric Dumazet was talking about with Florian
> that stopped instantiating conntrack by default in new namespaces?
Seems more appropriate for -next. If you prefer net instead, let me know
and I'll get to work.
From: Pablo Neira Ayuso
Date: Tue, 18 Jul 2017 12:13:54 +0200
> The following patchset contains Netfilter fixes for your net tree,
> they are:
>
> 1) Missing netlink message sanity check in nfnetlink, patch from
>Mateusz Jurczyk.
>
> 2) We now have netfilter per-netns hooks, so let's kill g
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Missing netlink message sanity check in nfnetlink, patch from
Mateusz Jurczyk.
2) We now have netfilter per-netns hooks, so let's kill global hook
infrastructure, this infrastructure is known to be ra
From: Pablo Neira Ayuso
Date: Thu, 6 Oct 2016 02:07:44 +0200
> This is a pull request to address fallout from previous nf-next pull
> request, only fixes going on here:
>
> 1) Address a potential null dereference in nf_unregister_net_hook()
>when becomes nf_hook_entry_head is NULL, from Aar
Hi David,
This is a pull request to address fallout from previous nf-next pull
request, only fixes going on here:
1) Address a potential null dereference in nf_unregister_net_hook()
when becomes nf_hook_entry_head is NULL, from Aaron Conole.
2) Missing ifdef for CONFIG_NETFILTER_INGRESS, also
From: Pablo Neira Ayuso
Date: Mon, 10 Aug 2015 19:58:34 +0200
> The following patchset contains five Netfilter fixes for your net tree,
> they are:
>
> 1) Silence a warning on falling back to vmalloc(). Since 88eab472ec21, we can
>easily hit this warning message, that gets users confused. So
Hi David,
The following patchset contains five Netfilter fixes for your net tree,
they are:
1) Silence a warning on falling back to vmalloc(). Since 88eab472ec21, we can
easily hit this warning message, that gets users confused. So let's get rid
of it.
2) Recently when porting the template
30 matches
Mail list logo
