From: Alakesh Haloi <alakeshh@amazon.com>
To: Florian Westphal <fw@strlen.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Greg KH <gregkh@linuxfoundation.org>, <stable@vger.kernel.org>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting
Date: Tue, 27 Nov 2018 22:22:38 +0000 [thread overview]
Message-ID: <20181127222237.GA103860@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com> (raw)
In-Reply-To: <20181121005131.eux4kzzmexij4qwt@breakpoint.cc>
On Wed, Nov 21, 2018 at 01:51:31AM +0100, Florian Westphal wrote:
> Alakesh Haloi <alakeshh@amazon.com> wrote:
> > Thanks Greg and Pablo for your suggestions! We found this issue on 4.14
> > stable kernel and hence the fix is based on 4.14. The xt_connlimit module
> > source seemed to have been refactored. At one point I tested 4.18-rc1 and
> > the issue was still present. However I have not tested the most recent
> > one. I will follow your suggestions and try to reproduce the issue in
> > master branch of nf.git tree and in linus's tree and if i cannot reproduce
> > it then I will go ahead and pick the relevant patches for backporting.
> > This patch fixes the issue without bringing in any refactor patches. But
> > that is probably not the right way to go for it.
>
> Actually it might be needed, the changes in upstream are pretty invasive.
>
> So, in case you can reproduce this with nf.git or linus tree it would
> be great if you could send a fix for nf.git.
>
> But In case you can't reproduce, its possible your patch is still needed
> for stable.
Thanks Florian! I have tested linus's tree and i do not see the issue happening
there. I have not been able to test nf.git yet. Do you suggest that I should
start working on backporting relevant patches from mainline or it should be
possible to apply this patch to stable branches directly?
next prev parent reply other threads:[~2018-11-28 9:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 22:17 [PATCH] netfilter: xt_connlimit: fix race in connection counting Alakesh Haloi
2018-11-20 7:48 ` Greg KH
2018-11-20 9:44 ` Pablo Neira Ayuso
2018-11-21 0:21 ` Alakesh Haloi
2018-11-21 0:51 ` Florian Westphal
2018-11-27 22:22 ` Alakesh Haloi [this message]
2018-11-27 22:38 ` Florian Westphal
2018-11-28 23:33 ` Alakesh Haloi
2018-11-29 0:28 ` Florian Westphal
2018-12-07 0:49 ` Alakesh Haloi
2019-01-03 0:01 ` Alakesh Haloi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181127222237.GA103860@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com \
--to=alakeshh@amazon.com \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=gregkh@linuxfoundation.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.