[PATCH 0/4] Netfilter fixes for net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

The following patchset contains Netfilter fixes for net:

1) Fix bogus EEXIST on element insertions to the rbtree with timeouts,
   from Stefano Brivio.

2) Preempt BUG splat in the pipapo element insertion path, also from
   Stefano.

3) Release filter from the ctnetlink error path.

4) Release flowtable hooks from the deletion path.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thank you.

----------------------------------------------------------------

The following changes since commit af7b4801030c07637840191c69eb666917e4135d:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2020-06-07 17:27:45 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 3003055f50663095472144994dac0339076031a8:

  netfilter: nf_tables: hook list memleak in flowtable deletion (2020-06-12 17:48:21 +0200)

----------------------------------------------------------------
Pablo Neira Ayuso (2):
      netfilter: ctnetlink: memleak in filter initialization error path
      netfilter: nf_tables: hook list memleak in flowtable deletion

Stefano Brivio (2):
      netfilter: nft_set_rbtree: Don't account for expired elements on insertion
      netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer

 net/netfilter/nf_conntrack_netlink.c | 32 ++++++++++++++++++++++----------
 net/netfilter/nf_tables_api.c        | 31 ++++++++++++++++++++++++-------
 net/netfilter/nft_set_pipapo.c       |  6 +++++-
 net/netfilter/nft_set_rbtree.c       | 21 ++++++++++++++-------
 4 files changed, 65 insertions(+), 25 deletions(-)
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux