Merge tag 'nf-23-07-26' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
authorJakub Kicinski <kuba@kernel.org>
Thu, 27 Jul 2023 05:18:00 +0000 (22:18 -0700)
committerJakub Kicinski <kuba@kernel.org>
Thu, 27 Jul 2023 05:18:00 +0000 (22:18 -0700)
commitff0df20827f6ac32822f9855998c4db3e99af47c
tree7e08492ebf72c4e257060fba9608b5c4d4f6b61f
parent25266128fe16d5632d43ada34c847d7b8daba539
parent0ebc1064e4874d5987722a2ddbc18f94aa53b211
Merge tag 'nf-23-07-26' of https://git./linux/kernel/git/netfilter/nf

Florian Westphal says:

====================
netfilter fixes for net

1. On-demand overlap detection in 'rbtree' set can cause memory leaks.
   This is broken since 6.2.

2. An earlier fix in 6.4 to address an imbalance in refcounts during
   transaction error unwinding was incomplete, from Pablo Neira.

3. Disallow adding a rule to a deleted chain, also from Pablo.
   Broken since 5.9.

* tag 'nf-23-07-26' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
  netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
  netfilter: nft_set_rbtree: fix overlap expiration walk
====================

Link: https://lore.kernel.org/r/20230726152524.26268-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>