From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 6 Jun 2018 13:04:37 +0000 (+0200)
Subject: Merge git://blackhole.kfki.hu/nf
X-Git-Tag: v4.18-rc1~8^2~30^2~4
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=5b94b2bec85f14d3c16d4edb698eae5ca8c3d7a0;p=users%2Fdwmw2%2Flinux.git

Merge git://blackhole.kfki.hu/nf

Jozsef Kadlecsik says:

====================
ipset patches for nf

- Check hook mask for unsupported hooks instead of supported ones in xt_set.
  (Serhey Popovych).

- List/save just timing out entries with "timeout 1" instead of "timeout 0":
  zero timeout value means permanent entries. When restoring the elements,
  we'd add non-timing out entries. Fixes netfilter bugzilla id #1258.

- Limit max timeout value to (UINT_MAX >> 1)/MSEC_PER_SEC due to the
  negative value condition in msecs_to_jiffies(). msecs_to_jiffies()
  should be revised: if one wants to set the timeout above 2147483,
  msecs_to_jiffies() sets the value to 4294967. (Reported by Maxim Masiutin).

- Forbid family for hash:mac sets in the kernel module: ipset userspace tool
  enforces it but third party tools could create sets with this parameter.
  Such sets then cannot be listed/saved with ipset itself. (Florent Fourcot)
====================

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

5b94b2bec85f14d3c16d4edb698eae5ca8c3d7a0