- 19 May, 2023 17 commits
-
-
Michal Swiatkowski authored
Add description for each meta data. Redefine tunnel mask to match only tunneled MAC and tunneled VLAN. It shouldn't try to match other flags (previously it was 0xff, it is redundant). VLAN mask was 0xd000, change it to 0xf000. 4 last bits are flags depending on the same field in packets (VLAN tag). Because of that, It isn't harmful to match also on ITAG. Group all MDID and MDID offsets into enums to keep things organized. Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com> Reviewed-by: Piotr Raczynski <piotr.raczynski@intel.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
-
Uwe Kleine-König authored
The function returns zero unconditionally. Change it to return void instead which simplifies its callers as error handing becomes unnecessary. Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Mat Martineau says: ==================== mptcp: Refactor inet_accept() and MIB updates Patches 1 and 2 refactor inet_accept() to provide a new __inet_accept() that's usable with locked sockets, and then make use of that helper to simplify mptcp_stream_accept(). Patches 3 and 4 add some new MIBS related to MPTCP address advertisement and update related selftest scripts. Patch 5 modifies the selftests to ensure MIBS are only printed once when a test case fails. ==================== Link: https://lore.kernel.org/r/20230516-send-net-next-20220516-v1-0-e91822b7b6e0@kernel.orgSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
If a test case fails, the mptcp_join.sh script can dump the netns MIBs multiple times, leading to confusing output. Let's dump such info only once per test-case, when needed. This additionally allow removing some code duplication. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
Instead of duplicating the all existing TX check with the TX side, add the new ones on selected test cases. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
Currently we don't track explicitly a few events related to address management suboption handling; this patch adds new mibs for ADD_ADDR and RM_ADDR options tx and for missed tx events due to internal storage exhaustion. The self-tests must be updated to properly handle different mibs with the same/shared prefix. Additionally removes a couple of warning tracking the loss event. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/378Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
Rewrite the mptcp socket accept op, leveraging the new __inet_accept() helper. This way we can avoid acquiring the new socket lock twice and we can avoid a couple of indirect calls. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Paolo Abeni authored
No functional changes intended. The new helper will be used by the MPTCP protocol in the next patch to avoid duplicating a few LoC. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queueJakub Kicinski authored
Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2023-05-17 (ice, MAINTAINERS) This series contains updates to ice driver and MAINTAINERS file. Paul refactors PHY to link mode reporting and updates some PHY types to report more accurate link modes for ice. Dave removes mutual exclusion policy between LAG and SR-IOV in ice driver. Jesse updates link for Intel Wired LAN in the MAINTAINERS file. * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue: MAINTAINERS: update Intel Ethernet links ice: Remove LAG+SRIOV mutual exclusion ice: update PHY type to ethtool link mode mapping ice: refactor PHY type to ethtool link mode ice: update ICE_PHY_TYPE_HIGH_MAX_INDEX ==================== Link: https://lore.kernel.org/r/20230517165530.3179965-1-anthony.l.nguyen@intel.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Russell King says: ==================== net: sfp: add support for control of rate selection This series introduces control of the rate selection SFP pins (or their soft state in the I2C diagnostics EEPROM). Several SNIA documents (referenced in the commits) describe the various different modes for these, and we implement them all for maximum compatibility, but as we know, SFP modules tend to do their own thing, so that may not be sufficient. In order to implement this, we need to change the locking arrangement in the SFP layer - we need to make st_mutex (state mutex) able to be taken from within the rtnl lock and sm_mutex (state machine mutex). Essentially, st_mutex protects the hard (gpio) and soft state signals. So, patches 2 through 5 rejig the locking so that st_mutex is only ever taken when we want to fiddle with the signal state variables, read or write the GPIOs, or read or write the soft state. Patch 1 adds a helper that makes the locking rejig a little easier as it combines the update of sfp->state with setting the updated control state to the module. Patch 6 adds code to phylink to give the signalling rate for various PHY interface modes that are relevant to SFPs - this is the baud rate of the encoded signal, not the data rate, which is what matters for SFPs. This rate is passed through the SFP bus layer into the SFP socket driver, which initially has a stub sfp_set_signal_rate(). Patch 7 adds the code to the SFP socket driver to parse the rate selection data in the EEPROM, configure which RS signals need to be driven, and the signalling rate threshold. We fill in sfp_set_signal_rate() to set the rate select pins as appropriate. ==================== Link: https://lore.kernel.org/r/ZGSuTY8GqjM+sqta@shell.armlinux.org.ukSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
Add support for parsing the rate select thresholds and switching of the RS0 and RS1 signals to the transceiver. This is complicated by various revisions of SFF-8472 and interaction of SFF-8431, SFF-8079 and INF-8074. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
Add support to the SFP layer to allow phylink to set the signalling rate for a SFP module. The rate given will be in units of kilo-baud (1000 baud). Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
Change st_mutex's use within SFP such that it only protects the various state members, as it was originally supposed to, and isn't held while making various calls outside the driver. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
Provide an unlocked version of sfp_sm_event() which can be used by sfp_check_state() to avoid having to keep re-taking the lock if several signals have changed state. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
Swap the order of the rtnl and st_mutex locks - st_mutex is now nested beneath rtnl lock instead of rtnl being beneath st_mutex. This will allow us to hold st_mutex only while manipulating the module's hardware or software control state. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
As preparation to moving st_mutex inside rtnl_lock, we need to first move the rtnl lock to cover reading the state. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Russell King (Oracle) authored
There are a couple of locations in the code where we modify sfp->state, and then call sfp_set_state(, sfp->state) to update the outputs/soft state to control the module. Provide a helper which takes a mask and new state so that this is encapsulated in one location. Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 18 May, 2023 23 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski authored
Conflicts: drivers/net/ethernet/freescale/fec_main.c 6ead9c98 ("net: fec: remove the xdp_return_frame when lack of tx BDs") 144470c8 ("net: fec: using the standard return codes when xdp xmit errors") Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-nextJakub Kicinski authored
Florian Westphal says: ==================== Netfilter updates for net-next nftables updates: 1. Allow key existence checks with maps. At the moment the kernel requires userspace to pass a destination register for the associated value, make this optional so userspace can query if the key exists, just like with normal sets. 2. nftables maintains a counter per set that holds the number of elements. This counter gets decremented on element removal, but its only incremented if the set has a upper maximum value. Increment unconditionally, this will allow us to update the maximum value later on. 3. At DCCP option maching, from Jeremy Sowden. 4. use struct_size macro, from Christophe JAILLET. Conntrack: 5. Squash holes in struct nf_conntrack_expect, also Christophe JAILLET. 6. Allow clash resolution for GRE Protocol to avoid a packet drop, from Faicker Mo. Flowtable: Simplify route logic and split large functions into smaller chunks, from Pablo Neira Ayuso. * tag 'nf-next-2023-05-18' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next: netfilter: flowtable: split IPv6 datapath in helper functions netfilter: flowtable: split IPv4 datapath in helper functions netfilter: flowtable: simplify route logic netfilter: conntrack: allow insertion clash of gre protocol netfilter: nft_set_pipapo: Use struct_size() netfilter: Reorder fields in 'struct nf_conntrack_expect' netfilter: nft_exthdr: add boolean DCCP option matching netfilter: nf_tables: always increment set element count netfilter: nf_tables: relax set/map validation checks ==================== Link: https://lore.kernel.org/r/20230518100759.84858-1-fw@strlen.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds authored
Pull networking fixes from Paolo Abeni: "Including fixes from can, xfrm, bluetooth and netfilter. Current release - regressions: - ipv6: fix RCU splat in ipv6_route_seq_show() - wifi: iwlwifi: disable RFI feature Previous releases - regressions: - tcp: fix possible sk_priority leak in tcp_v4_send_reset() - tipc: do not update mtu if msg_max is too small in mtu negotiation - netfilter: fix null deref on element insertion - devlink: change per-devlink netdev notifier to static one - phylink: fix ksettings_set() ethtool call - wifi: mac80211: fortify the spinlock against deadlock by interrupt - wifi: brcmfmac: check for probe() id argument being NULL - eth: ice: - fix undersized tx_flags variable - fix ice VF reset during iavf initialization - eth: hns3: fix sending pfc frames after reset issue Previous releases - always broken: - xfrm: release all offloaded policy memory - nsh: use correct mac_offset to unwind gso skb in nsh_gso_segment() - vsock: avoid to close connected socket after the timeout - dsa: rzn1-a5psw: enable management frames for CPU port - eth: virtio_net: fix error unwinding of XDP initialization - eth: tun: fix memory leak for detached NAPI queue. Misc: - MAINTAINERS: sctp: move Neil to CREDITS" * tag 'net-6.4-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (107 commits) MAINTAINERS: skip CCing netdev for Bluetooth patches mdio_bus: unhide mdio_bus_init prototype bridge: always declare tunnel functions atm: hide unused procfs functions net: isa: include net/Space.h Revert "ARM: dts: stm32: add CAN support on stm32f746" netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nf_tables: fix nft_trans type confusion netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT net: wwan: t7xx: Ensure init is completed before system sleep net: selftests: Fix optstring net: pcs: xpcs: fix C73 AN not getting enabled net: wwan: iosm: fix NULL pointer dereference when removing device vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() mailmap: add entries for Nikolay Aleksandrov igb: fix bit_shift to be in [1..8] range net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset cassini: Fix a memory leak in the error handling path of cas_init_one() tun: Fix memory leak for detached NAPI queue. can: kvaser_pciefd: Disable interrupts in probe error path ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-mediaLinus Torvalds authored
Pull media fixes from Mauro Carvalho Chehab: "Several fixes for the dvb core and drivers: - fix UAF and null pointer de-reference in DVB core - fix kernel runtime warning for blocking operation in wait_event*() in dvb core - fix write size bug in DVB conditional access core - fix dvb demux continuity counter debug check logic - randconfig build fixes in pvrusb2 and mn88443x - fix memory leak in ttusb-dec - fix netup_unidvb probe-time error check logic - improve error handling in dw2102 if it can't retrieve DVB MAC address" * tag 'media/v6.4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvb-core: Fix use-after-free due on race condition at dvb_net media: dvb-core: Fix use-after-free on race condition at dvb_frontend media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() media: dvb_ca_en50221: fix a size write bug media: netup_unidvb: fix irq init by register it at the end of probe media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() media: netup_unidvb: fix use-after-free at del_timer() media: dvb_demux: fix a bug for the continuity counter media: pvrusb2: fix DVB_CORE dependency
-
Paolo Abeni authored
Horatiu Vultur says: ==================== net: lan966x: Add support for PCP, DEI, DSCP This patch series extends lan966x to offload to the hardware the following features: - PCP: this configuration is per port both at ingress and egress. - App trust: which allows to specify a trust order of app selectors. This can be PCP or DSCP or DSCP/PCP. - default priority - DSCP: this configuration is shared between the ports both at ingress and egress. ==================== Link: https://lore.kernel.org/r/20230516201408.3172428-1-horatiu.vultur@microchip.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add support for DSCP rewrite in lan966x driver. On egress DSCP is rewritten from either classified DSCP, or frame DSCP. Classified DSCP is determined by the Analyzer Classifier on ingress, and is mapped from classified QoS class and DP level. Classification of DSCP is by default enabled for all ports. It is required that DSCP is trusted for the egress port *and* rewrite table is not empty, in order to rewrite DSCP based on classified DSCP, otherwise DSCP is always rewritten from frame DSCP. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add support for rewrite of PCP and DEI value, based on QoS and DP level. The DCB rewrite table is queried for mappings between priority and PCP/DEI. The classified DP level is then encoded in the DEI bit, if a mapping for DEI exists. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add support for offloading default prio. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Piotr Raczynski <piotr.raczynski@intel.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add support for offloading dscp app entries. The dscp values are global for all lan966x ports. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Make use of set/getapptrust() to implement per-selector trust and trust order. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add support for offloading pcp app entries. Lan966x has 8 priority queues per port and for each priority it also has a drop precedence. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Piotr Raczynski <piotr.raczynski@intel.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Horatiu Vultur authored
Add the registers that are needed to configure the PCP, DEI and DSCP of the switch both at ingress and also at egress. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Piotr Raczynski <piotr.raczynski@intel.com> Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
Merge tag 'linux-can-fixes-for-6.4-20230518' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2023-05-18 this is a pull request of 7 patches for net/master. The first 6 patches are by Jimmy Assarsson and fix several bugs in the kvaser_pciefd driver. The latest patch is from me and reverts a change in stm32f746.dtsi that causes build errors due to a missing dependent patch. * tag 'linux-can-fixes-for-6.4-20230518' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can: Revert "ARM: dts: stm32: add CAN support on stm32f746" can: kvaser_pciefd: Disable interrupts in probe error path can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt can: kvaser_pciefd: Empty SRB buffer in probe can: kvaser_pciefd: Call request_irq() before enabling interrupts can: kvaser_pciefd: Clear listen-only bit if not explicitly requested can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() ==================== Link: https://lore.kernel.org/r/20230518073241.1110453-1-mkl@pengutronix.deSigned-off-by: Paolo Abeni <pabeni@redhat.com>
-
Pablo Neira Ayuso authored
Add context structure and helper functions to look up for a matching IPv6 entry in the flowtable and to forward packets. No functional changes are intended. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Pablo Neira Ayuso authored
Add context structure and helper functions to look up for a matching IPv4 entry in the flowtable and to forward packets. No functional changes are intended. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Pablo Neira Ayuso authored
Grab reference to dst from skbuff earlier to simplify route caching. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Faicker Mo authored
NVGRE tunnel is used in the VM-to-VM communications. The VM packets are encapsulated in NVGRE and sent from the host. For NVGRE there are two tuples(outer sip and outer dip) in the host conntrack item. Insertion clashes are more likely to happen if the concurrent connections are sent from the VM. Signed-off-by: Faicker Mo <faicker.mo@ucloud.cn> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Christophe JAILLET authored
Use struct_size() instead of hand writing it. This is less verbose and more informative. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Christophe JAILLET authored
Group some variables based on their sizes to reduce holes. On x86_64, this shrinks the size of 'struct nf_conntrack_expect' from 264 to 256 bytes. This structure deserve a dedicated cache, so reducing its size looks nice. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Jeremy Sowden authored
The xt_dccp iptables module supports the matching of DCCP packets based on the presence or absence of DCCP options. Extend nft_exthdr to add this functionality to nftables. Link: https://bugzilla.netfilter.org/show_bug.cgi?id=930Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
-
Florian Westphal authored
At this time, set->nelems counter only increments when the set has a maximum size. All set elements decrement the counter unconditionally, this is confusing. Increment the counter unconditionally to make this symmetrical. This would also allow changing the set maximum size after set creation in a later patch. Signed-off-by: Florian Westphal <fw@strlen.de>
-
Florian Westphal authored
Its currently not allowed to perform queries on a map, for example: table t { map m { typeof ip saddr : meta mark .. chain c { ip saddr @M counter will fail, because kernel requires that userspace provides a destination register when the referenced set is a map. However, internally there is no real distinction between sets and maps, maps are just sets where each key is associated with a value. Relax this so that maps can be used just like sets. This allows to have rules that query if a given key exists without making use of the associated value. This also permits != checks which don't work for map lookups. When no destination reg is given for a map, then permit this for named maps. Data and dump paths need to be updated to consider priv->dreg_set instead of the 'set-is-a-map' check. Checks in reduce and validate callbacks are not changed, this can be relaxed later if a need arises. Signed-off-by: Florian Westphal <fw@strlen.de>
-
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nfJakub Kicinski authored
Florian Westphal says: ==================== Netfilter fixes for net 1. Silence warning about unused variable when CONFIG_NF_NAT=n, from Tom Rix. 2. nftables: Fix possible out-of-bounds access, from myself. 3. nftables: fix null deref+UAF during element insertion into rbtree, also from myself. * tag 'nf-23-05-17' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nf_tables: fix nft_trans type confusion netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT ==================== Link: https://lore.kernel.org/r/20230517123756.7353-1-fw@strlen.deSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-