From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter fixes for net
Date: Fri, 14 Apr 2017 02:26:42 +0200 [thread overview]
Message-ID: <1492129611-29336-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Missing TCP header sanity check in TCPMSS target, from Eric Dumazet.
2) Incorrect event message type for related conntracks created via
ctnetlink, from Liping Zhang.
3) Fix incorrect rcu locking when handling helpers from ctnetlink,
from Gao feng.
4) Fix missing rcu locking when updating helper, from Liping Zhang.
5) Fix missing read_lock_bh when iterating over list of device addresses
from TPROXY and redirect, also from Liping.
6) Fix crash when trying to dump expectations from conntrack with no
helper via ctnetlink, from Liping.
7) Missing RCU protection to expecation list update given ctnetlink
iterates over the list under rcu read lock side, from Liping too.
8) Don't dump autogenerated seed in nft_hash to userspace, this is
very confusing to the user, again from Liping.
9) Fix wrong conntrack netns module refcount in ipt_CLUSTERIP,
from Gao feng.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 0b9aefea860063bb39e36bd7fe6c7087fed0ba87:
tcp: minimize false-positives on TCP/GRO check (2017-04-03 18:43:41 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to fe50543c194e2e1aee2f3eba41fcafd187b3dbde:
netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage (2017-04-13 23:21:40 +0200)
----------------------------------------------------------------
Eric Dumazet (1):
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
Gao Feng (2):
netfilter: helper: Add the rcu lock when call __nf_conntrack_helper_find
netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage
Liping Zhang (6):
netfilter: ctnetlink: using bit to represent the ct event
netfilter: ctnetlink: make it safer when checking the ct helper name
netfilter: make it safer during the inet6_dev->addr_list traversal
netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL
netfilter: nf_ct_expect: use proper RCU list traversal/update APIs
netfilter: nft_hash: do not dump the auto generated seed
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/netfilter/nf_conntrack_expect.c | 4 ++--
net/netfilter/nf_conntrack_helper.c | 17 ++++++++++-----
net/netfilter/nf_conntrack_netlink.c | 41 +++++++++++++++++++++++++-----------
net/netfilter/nf_nat_redirect.c | 2 ++
net/netfilter/nft_hash.c | 10 ++++++---
net/netfilter/xt_TCPMSS.c | 6 +++++-
net/netfilter/xt_TPROXY.c | 5 ++++-
8 files changed, 62 insertions(+), 25 deletions(-)
next reply other threads:[~2017-04-14 0:27 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-14 0:26 Pablo Neira Ayuso [this message]
2017-04-14 0:26 ` [PATCH 1/9] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 2/9] netfilter: ctnetlink: using bit to represent the ct event Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 3/9] netfilter: helper: Add the rcu lock when call __nf_conntrack_helper_find Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 4/9] netfilter: ctnetlink: make it safer when checking the ct helper name Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 5/9] netfilter: make it safer during the inet6_dev->addr_list traversal Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 6/9] netfilter: ctnetlink: skip dumping expect when nfct_help(ct) is NULL Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 7/9] netfilter: nf_ct_expect: use proper RCU list traversal/update APIs Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 8/9] netfilter: nft_hash: do not dump the auto generated seed Pablo Neira Ayuso
2017-04-14 0:26 ` [PATCH 9/9] netfilter: ipt_CLUSTERIP: Fix wrong conntrack netns refcnt usage Pablo Neira Ayuso
2017-04-14 14:59 ` [PATCH 0/9] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-02-18 22:20 Pablo Neira Ayuso
2020-02-18 23:45 ` David Miller
2020-01-08 23:17 Pablo Neira Ayuso
2020-01-08 23:22 ` David Miller
2019-11-06 11:12 Pablo Neira Ayuso
2019-11-07 5:17 ` David Miller
2019-03-21 11:28 Pablo Neira Ayuso
2019-03-21 17:07 ` David Miller
2018-12-29 12:57 Pablo Neira Ayuso
2018-12-29 22:33 ` David Miller
2018-07-24 16:31 Pablo Neira Ayuso
2018-07-24 17:00 ` David Miller
2018-06-13 10:56 Pablo Neira Ayuso
2018-06-13 21:05 ` David Miller
2016-08-10 19:16 Pablo Neira Ayuso
2016-08-10 18:56 Pablo Neira Ayuso
2016-08-10 21:54 ` David Miller
2016-03-28 17:57 Pablo Neira Ayuso
2016-03-28 19:43 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1492129611-29336-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.