netfilter: P2 backports from upstream (!430) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Florian Westphal requested to merge fwestpha/centos-stream-9-fw:bz2044272 into main Jan 26, 2022

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2044272 Tested: iptables, nftables test suite, netfilter kernel selftests Conflicts: none

Most severe bugs fixed here are wrt. matching concatenated ranges such as "10.2.3.4 . 1-1024".

One corner case causes wrong matching, another corner case results in a set to become non-matching until next element add or removal when a set is flushed and re-created as-before in the same transaction.

Another bug fix worth mentioning is data corruption for stateless nat with ip fragmentation; before the fix the layer 4 checksum was updated not only for the first fragment, causing payload to be overwritten with the l4 checksum.

Signed-off-by: Florian Westphal fwestpha@redhat.com

netfilter: P2 backports from upstream

Merge request reports