From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
To: netfilter-devel@vger.kernel.org
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 0/3] ipset patches for nf
Date: Sat, 7 Nov 2015 13:42:22 +0100 [thread overview]
Message-ID: <1446900145-14190-1-git-send-email-kadlec@blackhole.kfki.hu> (raw)
Hi Pablo,
Please apply the next bugfixes against the nf tree.
- Fix extensions alignment in ipset: Gerhard Wiesinger reported
that the missing data aligments lead to crash on non-intel
architecture. The patch was tested on armv7h by Gerhard Wiesinger
and on x86_64 and sparc64 by me.
- An incorrect index at the hash:* types could lead to
falsely early expired entries and memory leak when the comment
extension was used too.
- Release empty hash bucket block when all entries are expired or
all slots are empty instead of shrinkig the data part to zero.
Best regards,
Jozsef
----
The following changes since commit 212cd0895330b775f2db49451f046a5ca4e5704b:
selinux: fix random read in selinux_ip_postroute_compat() (2015-11-05 16:45:51 -0500)
are available in the git repository at:
git://blackhole.kfki.hu/nf master
for you to fetch changes up to 0aae24eb409fc429f54ca3809f904f1b91e295e0:
netfilter: ipset: Fix hash type expire: release empty hash bucket block (2015-11-07 11:28:49 +0100)
----------------------------------------------------------------
Jozsef Kadlecsik (3):
netfilter: ipset: Fix extension alignment
netfilter: ipset: Fix hash:* type expiration
netfilter: ipset: Fix hash type expire: release empty hash bucket block
include/linux/netfilter/ipset/ip_set.h | 2 +-
net/netfilter/ipset/ip_set_bitmap_gen.h | 17 +++++----------
net/netfilter/ipset/ip_set_bitmap_ip.c | 14 ++++--------
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 64 +++++++++++++++++++++++++-----------------------------
net/netfilter/ipset/ip_set_bitmap_port.c | 18 ++++++---------
net/netfilter/ipset/ip_set_core.c | 14 +++++++-----
net/netfilter/ipset/ip_set_hash_gen.h | 26 ++++++++++++++--------
net/netfilter/ipset/ip_set_list_set.c | 5 +++--
8 files changed, 75 insertions(+), 85 deletions(-)
next reply other threads:[~2015-11-07 12:40 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-07 12:42 Jozsef Kadlecsik [this message]
2015-11-07 12:42 ` [PATCH 1/3] netfilter: ipset: Fix extension alignment Jozsef Kadlecsik
2015-11-07 12:42 ` [PATCH 2/3] netfilter: ipset: Fix hash:* type expiration Jozsef Kadlecsik
2015-11-07 12:42 ` [PATCH 3/3] netfilter: ipset: Fix hash type expire: release empty hash bucket block Jozsef Kadlecsik
2015-11-08 21:42 ` [PATCH 0/3] ipset patches for nf Pablo Neira Ayuso
2019-11-01 16:35 Jozsef Kadlecsik
2019-11-04 19:15 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1446900145-14190-1-git-send-email-kadlec@blackhole.kfki.hu \
--to=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.