Hi David,
The following patchset contain a rather large batch for your net that
includes accumulated bugfixes, they are:
1) Run conntrack cleanup from workqueue process context to avoid hitting
soft lockup via watchdog for large tables. This is required by the
IPv6 masquerading extension. F
Hi David,
The following patchset contains Netfilter updates for your net tree,
they are:
1) Dump only conntrack that belong to this namespace via /proc file.
This is some fallout from the conversion to single conntrack table
for all netns, patch from Liping Zhang.
2) Missing MODULE_ALIAS_N
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) Missing netlink attribute validation in nf_queue, uncovered by KASAN,
from Eric Dumazet.
2) Use pointer to sysctl table, save us 192 bytes of memory per netns.
Also from Eric.
3) Possible use-after-free when r
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) Missing module autoloadfor icmp and icmpv6 x_tables matches,
from Florian Westphal.
2) Possible non-linear access to TCP header from tproxy, from
Mate Eckl.
3) Do not allow rbtree to be used for single element
Hi David,
The following patchset contains Netfilter fixes for your net tree:
1) Skip ip_sabotage_in() for packet making into the VRF driver,
otherwise packets are dropped, from David Ahern.
2) Clang compilation warning uncovering typo in the
nft_validate_register_store() call from nft_osf,
Hi David,
The following patchset contains Netfilter fixes for net:
1) Use CONFIG_NF_TABLES_INET from seltests, not NF_TABLES_INET.
From Naresh Kamboju.
2) Add a test to cover masquerading and redirect case, from Florian
Westphal.
3) Two packets coming from the same socket may race to set
Hi David,
The following patchset contains accumulated Netfilter fixes for your
net tree:
1) Ensure quota dump and reset happens iff we can deliver numbers to
userspace.
2) Silence splat on incorrect use of smp_processor_id() from nft_queue.
3) Fix an out-of-bound access reported by KASAN in
Hi David,
The following patchset contains netfilter fixes for you net tree,
they are:
1) Missing ct zone size in the nft_ct initialization path, patch
from Florian Westphal.
2) Two patches for netfilter uapi headers, one to remove unnecessary
sysctl.h inclusion and another to fix compilati
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Fix OOM that syskaller triggers with ipt_replace.size = -1 and
IPT_SO_SET_REPLACE socket option, from Dmitry Vyukov.
2) Check for too long extension name in xt_request_find_{match|target}
that result
From: Pablo Neira Ayuso
Date: Wed, 20 Jan 2016 18:03:58 +0100
> The following patchset contains Netfilter fixes for your net tree, they
> are:
>
> 1) Fix accidental 3-times le/be conversion for 64-bits in nft_byteorder,
>from Florian Westphal.
>
> 2) Get rid of defensive cidr = 0 check in t
From: Pablo Neira Ayuso
Date: Tue, 16 Feb 2016 18:02:31 +0100
> The following patchset contain a rather large batch for your net that
> includes accumulated bugfixes, they are:
...
> Due to the NetDev 1.1 organization burden, I had no chance to pass up
> this to you any sooner in this release cy
From: Pablo Neira Ayuso
Date: Thu, 18 Aug 2016 19:29:02 +0200
> The following patchset contains Netfilter updates for your net tree,
> they are:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thanks a lot Pablo.
--
To unsubscribe
From: Pablo Neira Ayuso
Date: Wed, 27 Jun 2018 17:22:17 +0200
> The following patchset contains Netfilter fixes for your net tree:
>
> 1) Missing netlink attribute validation in nf_queue, uncovered by KASAN,
>from Eric Dumazet.
>
> 2) Use pointer to sysctl table, save us 192 bytes of memory
From: Pablo Neira Ayuso
Date: Mon, 9 Jul 2018 19:18:58 +0200
> The following patchset contains Netfilter fixes for your net tree:
>
> 1) Missing module autoloadfor icmp and icmpv6 x_tables matches,
>from Florian Westphal.
>
> 2) Possible non-linear access to TCP header from tproxy, from
>
From: Pablo Neira Ayuso
Date: Tue, 2 Oct 2018 00:37:39 +0200
> The following patchset contains Netfilter fixes for your net tree:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thanks.
From: Pablo Neira Ayuso
Date: Tue, 5 Feb 2019 20:04:09 +0100
> The following patchset contains Netfilter fixes for net:
...
> Diffstat look rather larger than usual because of the new selftest, but
> Florian and I consider that having tests soon into the tree is good to
> improve coverage. If t
From: Pablo Neira Ayuso
Date: Thu, 5 Jan 2017 12:19:47 +0100
> The following patchset contains accumulated Netfilter fixes for your
> net tree:
>
> 1) Ensure quota dump and reset happens iff we can deliver numbers to
>userspace.
>
> 2) Silence splat on incorrect use of smp_processor_id() f
From: Pablo Neira Ayuso
Date: Mon, 27 Feb 2017 12:35:36 +0100
> The following patchset contains netfilter fixes for you net tree,
> they are:
>
> 1) Missing ct zone size in the nft_ct initialization path, patch
>from Florian Westphal.
>
> 2) Two patches for netfilter uapi headers, one to re
From: Pablo Neira Ayuso
Date: Thu, 1 Feb 2018 19:02:11 +0100
> The following patchset contains Netfilter fixes for your net tree,
> they are:
>
> 1) Fix OOM that syskaller triggers with ipt_replace.size = -1 and
>IPT_SO_SET_REPLACE socket option, from Dmitry Vyukov.
>
> 2) Check for too lo
19 matches
Mail list logo