git.ipfire.org Git - thirdparty/kernel/stable.git/commit

Merge tag 'nf-next-23-12-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next

Pablo Neira Ayuso says:

====================
netfilter pull request 23-12-22

The following patchset contains Netfilter updates for net-next:

1) Add locking for NFT_MSG_GETSETELEM_RESET requests, to address a
   race scenario with two concurrent processes running a dump-and-reset
   which exposes negative counters to userspace, from Phil Sutter.

2) Use GFP_KERNEL in pipapo GC, from Florian Westphal.

3) Reorder nf_flowtable struct members, place the read-mostly parts
   accessed by the datapath first. From Florian Westphal.

4) Set on dead flag for NFT_MSG_NEWSET in abort path,
   from Florian Westphal.

5) Support filtering zone in ctnetlink, from Felix Huettner.

6) Bail out if user tries to redefine an existing chain with different
   type in nf_tables.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

author	David S. Miller <davem@davemloft.net>
	Mon, 1 Jan 2024 16:15:40 +0000 (16:15 +0000)
committer	David S. Miller <davem@davemloft.net>
	Mon, 1 Jan 2024 16:15:40 +0000 (16:15 +0000)
commit	109bf4cfe112d8260aac75dbab393f2ae7eb7495
tree	49cbe2d4ced6c7c6b00bdbcc27122b20d3ddf5c0	tree \| snapshot
parent	240436c06ce992879d59e504b0df3d32deebb43e	commit \| diff
parent	aaba7ddc8507f4ad5bbd07988573967632bc2385	commit \| diff