Hi Greg, Sasha,
This batch contains a backport fix for 6.6-stable.
The following list shows the backported patches, I am using original commit IDs for reference:
1) 82cfd785c7b3 ("netfilter: nf_tables: bail out if stateful expression provides no .clone")
This is a stable dependency for the next patch.
2) 56fac3c36c8f ("netfilter: nf_tables: allow clone callbacks to sleep")
Please, apply, Thanks
without this fix, the default set expression is silently ignored when used from dynamic sets.
Florian Westphal (1): netfilter: nf_tables: allow clone callbacks to sleep
Pablo Neira Ayuso (1): netfilter: nf_tables: use timestamp to check for set element timeout
include/net/netfilter/nf_tables.h | 20 ++++++++++++++++---- net/netfilter/nf_tables_api.c | 12 +++++++----- net/netfilter/nft_connlimit.c | 4 ++-- net/netfilter/nft_counter.c | 4 ++-- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_last.c | 4 ++-- net/netfilter/nft_limit.c | 14 ++++++++------ net/netfilter/nft_quota.c | 4 ++-- net/netfilter/nft_set_hash.c | 8 +++++++- net/netfilter/nft_set_pipapo.c | 18 +++++++++++------- net/netfilter/nft_set_rbtree.c | 11 +++++++---- 11 files changed, 65 insertions(+), 36 deletions(-)