diff options
author | David S. Miller <davem@davemloft.net> | 2017-07-18 21:01:39 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-07-18 21:01:39 +0200 |
commit | 3e16afd33f8fdad0a39586d670ade3cad67e1360 (patch) | |
tree | 7eea35bbdda174859e39c306d78f35b95a557048 /net/ipv4 | |
parent | udp: preserve skb->dst if required for IP options processing (diff) | |
parent | netfilter: expect: fix crash when putting uninited expectation (diff) | |
download | linux-3e16afd33f8fdad0a39586d670ade3cad67e1360.tar.xz linux-3e16afd33f8fdad0a39586d670ade3cad67e1360.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Missing netlink message sanity check in nfnetlink, patch from
Mateusz Jurczyk.
2) We now have netfilter per-netns hooks, so let's kill global hook
infrastructure, this infrastructure is known to be racy with netns.
We don't care about out of tree modules. Patch from Florian Westphal.
3) find_appropriate_src() is buggy when colissions happens after the
conversion of the nat bysource to rhashtable. Also from Florian.
4) Remove forward chain in nf_tables arp family, it's useless and it is
causing quite a bit of confusion, from Florian Westphal.
5) nf_ct_remove_expect() is called with the wrong parameter, causing
kernel oops, patch from Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_tables_arp.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/nf_tables_arp.c b/net/ipv4/netfilter/nf_tables_arp.c index 805c8ddfe860..4bbc273b45e8 100644 --- a/net/ipv4/netfilter/nf_tables_arp.c +++ b/net/ipv4/netfilter/nf_tables_arp.c @@ -72,8 +72,7 @@ static const struct nf_chain_type filter_arp = { .family = NFPROTO_ARP, .owner = THIS_MODULE, .hook_mask = (1 << NF_ARP_IN) | - (1 << NF_ARP_OUT) | - (1 << NF_ARP_FORWARD), + (1 << NF_ARP_OUT), }; static int __init nf_tables_arp_init(void) |