https://github.com/torvalds/linux
Revision 15d703921f0618a212567d06bca767f3f1c25681 authored by Jakub Kicinski on 14 March 2022, 22:51:10 UTC, committed by Jakub Kicinski on 14 March 2022, 22:51:10 UTC
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net coming late in the 5.17-rc process: 1) Revert port remap to mitigate shadowing service ports, this is causing problems in existing setups and this mitigation can be achieved with explicit ruleset, eg. ... tcp sport < 16386 tcp dport >= 32768 masquerade random This patches provided a built-in policy similar to the one described above. 2) Disable register tracking infrastructure in nf_tables. Florian reported two issues: - Existing expressions with no implemented .reduce interface that causes data-store on register should cancel the tracking. - Register clobbering might be possible storing data on registers that are larger than 32-bits. This might lead to generating incorrect ruleset bytecode. These two issues are scheduled to be addressed in the next release cycle. * git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_tables: disable register tracking Revert "netfilter: conntrack: tag conntracks picked up in local out hook" Revert "netfilter: nat: force port remap to prevent shadowing well-known ports" ==================== Link: https://lore.kernel.org/r/20220312220315.64531-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Tip revision: 15d703921f0618a212567d06bca767f3f1c25681 authored by Jakub Kicinski on 14 March 2022, 22:51:10 UTC
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Tip revision: 15d7039
File | Mode | Size |
---|---|---|
Documentation | ||
LICENSES | ||
arch | ||
block | ||
certs | ||
crypto | ||
drivers | ||
fs | ||
include | ||
init | ||
ipc | ||
kernel | ||
lib | ||
mm | ||
net | ||
samples | ||
scripts | ||
security | ||
sound | ||
tools | ||
usr | ||
virt | ||
.clang-format | -rw-r--r-- | 16.6 KB |
.cocciconfig | -rw-r--r-- | 59 bytes |
.get_maintainer.ignore | -rw-r--r-- | 71 bytes |
.gitattributes | -rw-r--r-- | 62 bytes |
.gitignore | -rw-r--r-- | 1.9 KB |
.mailmap | -rw-r--r-- | 21.8 KB |
COPYING | -rw-r--r-- | 496 bytes |
CREDITS | -rw-r--r-- | 98.9 KB |
Kbuild | -rw-r--r-- | 1.3 KB |
Kconfig | -rw-r--r-- | 555 bytes |
MAINTAINERS | -rw-r--r-- | 627.3 KB |
Makefile | -rw-r--r-- | 63.5 KB |
README | -rw-r--r-- | 727 bytes |
Computing file changes ...