This is a v2 including a extended PR with one more fix.
-o-
Hi,
This patchset contains Netfilter fixes for net:
1) syzkaller managed to triger UaF due to missing reference on netns in
bpf infrastructure, from Florian Westphal.
2) Fix incorrect conversion from NFPROTO_UNSPEC to NFPROTO_{IPV4,IPV6}
in the following xtables targets: MARK and NFLOG. Moreover, add
missing
I have my half share in this mistake, I did not take the necessary time
to review this: For several years I have been struggling to keep working
on Netfilter, juggling a myriad of side consulting projects to stop
burning my own savings.
I have extended the iptables-tests.py test infrastructure to improve the
coverage of ip6tables and detect similar problems in the future.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-21
Thanks.
----------------------------------------------------------------
The following changes since commit cb560795c8c2ceca1d36a95f0d1b2eafc4074e37:
Merge branch 'mlx5-misc-fixes-2024-10-15' (2024-10-17 12:14:11 +0200)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-10-21
for you to fetch changes up to 306ed1728e8438caed30332e1ab46b28c25fe3d8:
netfilter: xtables: fix typo causing some targets not to load on IPv6 (2024-10-21 11:31:26 +0200)
----------------------------------------------------------------
netfilter pull request 24-10-21
----------------------------------------------------------------
Florian Westphal (1):
netfilter: bpf: must hold reference on net namespace
Pablo Neira Ayuso (1):
netfilter: xtables: fix typo causing some targets not to load on IPv6
net/netfilter/nf_bpf_link.c | 4 ++++
net/netfilter/xt_NFLOG.c | 2 +-
net/netfilter/xt_TRACE.c | 1 +
net/netfilter/xt_mark.c | 2 +-
4 files changed, 7 insertions(+), 2 deletions(-)
