[PATCH net 0/3] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Restore set counter when one of the CPUs loses the race to add elements
   to sets.

2) After NF_STOLEN, skb might be there no more, update nftables trace
   infra to avoid access to skb in this case. From Florian Westphal.

3) nftables bridge might register a prerouting hook with zero priority,
   br_netfilter incorrectly skips it. Also from Florian.

Florian Westphal (2):
  netfilter: nf_tables: avoid skb access on nf_stolen
  netfilter: br_netfilter: do not skip all hooks with 0 priority

Pablo Neira Ayuso (1):
  netfilter: nft_dynset: restore set element counter when failing to update

 include/net/netfilter/nf_tables.h | 16 ++++++-----
 net/bridge/br_netfilter_hooks.c   | 21 ++++++++++++---
 net/netfilter/nf_tables_core.c    | 24 ++++++++++++++---
 net/netfilter/nf_tables_trace.c   | 44 +++++++++++++++++--------------
 net/netfilter/nft_set_hash.c      |  2 ++
 5 files changed, 75 insertions(+), 32 deletions(-)

-- 
2.30.2

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit cb8092d70a6f5f01ec1490fce4d35efed3ed996c:

  tipc: move bc link creation back to tipc_node_create (2022-06-27 11:51:56 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD

for you to fetch changes up to c2577862eeb0be94f151f2f1fff662b028061b00:

  netfilter: br_netfilter: do not skip all hooks with 0 priority (2022-06-27 19:23:27 +0200)

----------------------------------------------------------------
Florian Westphal (2):
      netfilter: nf_tables: avoid skb access on nf_stolen
      netfilter: br_netfilter: do not skip all hooks with 0 priority

Pablo Neira Ayuso (1):
      netfilter: nft_dynset: restore set element counter when failing to update

 include/net/netfilter/nf_tables.h | 16 ++++++++------
 net/bridge/br_netfilter_hooks.c   | 21 ++++++++++++++++---
 net/netfilter/nf_tables_core.c    | 24 ++++++++++++++++++---
 net/netfilter/nf_tables_trace.c   | 44 +++++++++++++++++++++------------------
 net/netfilter/nft_set_hash.c      |  2 ++
 5 files changed, 75 insertions(+), 32 deletions(-)


