-
- Downloads
Merge tag 'nf-24-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: Patch #1 fixes insufficient sanitization of netlink attributes for the inner expression which can trigger nul-pointer dereference, from Davide Ornaghi. Patch #2 address a report that there is a race condition between namespace cleanup and the garbage collection of the list:set type. This patch resolves this issue with other minor issues as well, from Jozsef Kadlecsik. Patch #3 ip6_route_me_harder() ignores flowlabel/dsfield when ip dscp has been mangled, this unbreaks ip6 dscp set $v, from Florian Westphal. All of these patches address issues that are present in several releases. * tag 'nf-24-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: Use flowlabel flow key when re-routing mangled packets netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type netfilter: nft_inner: validate mandatory meta and payload ==================== Link: https://lore.kernel.org/r/20240611220323.413713-1-pablo@netfilter.org Signed-off-by:Jakub Kicinski <kuba@kernel.org>
Showing
- net/ipv6/netfilter.c 1 addition, 0 deletionsnet/ipv6/netfilter.c
- net/netfilter/ipset/ip_set_core.c 46 additions, 35 deletionsnet/netfilter/ipset/ip_set_core.c
- net/netfilter/ipset/ip_set_list_set.c 14 additions, 16 deletionsnet/netfilter/ipset/ip_set_list_set.c
- net/netfilter/nft_meta.c 3 additions, 0 deletionsnet/netfilter/nft_meta.c
- net/netfilter/nft_payload.c 4 additions, 0 deletionsnet/netfilter/nft_payload.c
Loading
Please register or sign in to comment