[SRU X][PATCH 0/6] netfilter: nf_conncount: fix for LP#1811094

[Mauricio Faria de Oliveira]

Hi Stefan,

Thanks for reviewing.

On Thu, Jan 10, 2019 at 8:25 AM Stefan Bader <stefan.bader at canonical.com> wrote:
>
> On 10.01.19 04:31, Mauricio Faria de Oliveira wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1811094
[snip]
> > Mauricio Faria de Oliveira (1):
> >   UBUNTU: SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in
> >     add_hlist()
>
> Just double checking since I do not see this set on 4.4.y right now: you are
> positive that this does affect 4.4 the same? [snip]

Yes, it does affect 4.4 the same. It's actually been originally
reported against a
Xenial 4.4-based kernel, and the reported had an interest in 4.14.y, that's why.
(I realize that sending it to 4.4.y would land it in Xenial 4.4
eventually, but for
timing reasons, I done the SRU first.  I can send it to 4.4.y as well,
if required.)

> [snip] If yes, think we could just take
> the patches from 4.14.y and try to get those into our Xenial tree. Just in case,
> this is an acceptable approach and has been done before (I mean instead of
> working with the upstream changes, take those which were applied to a closer
> upstream stable).

I didn't know it, thanks for mentioning!

> [snip] I did a quick test with "netfilter: xt_connlimit: don't store
> address in the conn nodes" and it looks like that could just become a
>
> (cherry-picked from commit 5e614e212a6359af78b6034ceb12c56f71d5b423 linux-4.14.y)

The reason I didn't do it (i.e., squash this SAUCE in the commit as in
4.14.y) is to have a
more equivalent backport between Xenial and Cosmic, because that patch
is already applied
in Cosmic -- so I wanted to avoid the difference of 1) a backport with
this SAUCE squashed
for Xenial, and 2) SAUCE commit only for Bionic -- so I did the same
SAUCE patch for both
(on top of the cherry-pick in Xenial, and the applied commit in Bionic).

Hope this helps.
Thanks!




-- 
Mauricio Faria de Oliveira