[PATCH -stable,6.5 0/5] Netfilter stable fixes for 6.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Greg, Sasha,

The following list shows patches that you can cherry-pick to -stable 6.5.
I am using original commit IDs for reference:

1) 7ab9d0827af8 ("netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention")

2) 4e5f5b47d8de ("netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC")

3) 1d16d80d4230 ("netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails")

4) 7606622f20da ("netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration")

5) 44a76f08f7ca ("netfilter: nf_tables: fix memleak when more than 255 elements expired")

Please, apply.

Thanks.

Florian Westphal (1):
  netfilter: nf_tables: fix memleak when more than 255 elements expired

Pablo Neira Ayuso (4):
  netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
  netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC
  netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails
  netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration

 include/net/netfilter/nf_tables.h |  7 ++++---
 net/netfilter/nf_tables_api.c     | 32 ++++++++++++++++++++++++++-----
 net/netfilter/nft_set_hash.c      | 11 ++++-------
 net/netfilter/nft_set_pipapo.c    |  4 ++--
 net/netfilter/nft_set_rbtree.c    |  8 +++-----
 5 files changed, 40 insertions(+), 22 deletions(-)

-- 
2.30.2




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux