lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  4 Aug 2020 22:02:03 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/5] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Flush the cleanup xtables worker to make sure destructors
   have completed, from Florian Westphal.

2) iifgroup is matching erroneously, also from Florian.

3) Add selftest for meta interface matching, from Florian Westphal.

4) Move nf_ct_offload_timeout() to header, from Roi Dayan.

5) Call nf_ct_offload_timeout() from flow_offload_add() to
   make sure garbage collection does not evict offloaded flow,
   from Roi Dayan.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thank you!

----------------------------------------------------------------

The following changes since commit 85496a29224188051b6135eb38da8afd4c584765:

  net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (2020-07-30 17:45:13 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 4203b19c27967d9eff6928f6a733f81892ffc592:

  netfilter: flowtable: Set offload timeout when adding flow (2020-08-03 12:37:24 +0200)

----------------------------------------------------------------
Florian Westphal (3):
      netfilter: nft_compat: make sure xtables destructors have run
      netfilter: nft_meta: fix iifgroup matching
      selftests: netfilter: add meta iif/oif match test

Roi Dayan (2):
      netfilter: conntrack: Move nf_ct_offload_timeout to header file
      netfilter: flowtable: Set offload timeout when adding flow

 include/net/netfilter/nf_conntrack.h          |  12 +++
 include/net/netfilter/nf_tables.h             |   2 +
 net/netfilter/nf_conntrack_core.c             |  12 ---
 net/netfilter/nf_flow_table_core.c            |   2 +
 net/netfilter/nf_tables_api.c                 |  10 ++-
 net/netfilter/nft_compat.c                    |  36 +++++++-
 net/netfilter/nft_meta.c                      |   2 +-
 tools/testing/selftests/netfilter/Makefile    |   2 +-
 tools/testing/selftests/netfilter/nft_meta.sh | 124 ++++++++++++++++++++++++++
 9 files changed, 182 insertions(+), 20 deletions(-)
 create mode 100755 tools/testing/selftests/netfilter/nft_meta.sh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ