summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJakub Kicinski <kuba@kernel.org>2022-06-08 03:49:47 +0300
committerJakub Kicinski <kuba@kernel.org>2022-06-08 03:49:48 +0300
commit91ffb0893291ff80cb3695f87e397533abc26823 (patch)
tree7b0513e1c7e5bfe684c2e6b97319a323607e7a17 /security
parentcf67838c4422eab826679b076dad99f96152b4de (diff)
parent3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 (diff)
downloadlinux-91ffb0893291ff80cb3695f87e397533abc26823.tar.xz
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Pablo Neira Ayuso says: ==================== Netfilter fixes for net 1) Fix NAT support for NFPROTO_INET without layer 3 address, from Florian Westphal. 2) Use kfree_rcu(ptr, rcu) variant in nf_tables clean_net path. 3) Use list to collect flowtable hooks to be deleted. 4) Initialize list of hook field in flowtable transaction. 5) Release hooks on error for flowtable updates. 6) Memleak in hardware offload rule commit and abort paths. 7) Early bail out in case device does not support for hardware offload. This adds a new interface to net/core/flow_offload.c to check if the flow indirect block list is empty. * git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: bail out early if hardware offload is not supported netfilter: nf_tables: memleak flow rule from commit path netfilter: nf_tables: release new hooks on unsupported flowtable flags netfilter: nf_tables: always initialize flowtable hook list in transaction netfilter: nf_tables: delete flowtable hooks via transaction list netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks in clean_net path netfilter: nat: really support inet nat without l3 address ==================== Link: https://lore.kernel.org/r/20220606212055.98300-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions