From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/8] netfilter fixes for net
Date: Sat, 5 Apr 2014 18:21:14 +0200 [thread overview]
Message-ID: <1396714874-4426-1-git-send-email-pablo@netfilter.org> (raw)
Resending the cover letter, sent the wrong template, sorry
-o-
Hi,
The following patchset contains Netfilter fixes for your net tree, they
are:
* Use 16-bits offset and length fields instead of 8-bits in the conntrack
extension to avoid an overflow when many conntrack extension are used,
from Andrey Vagin.
* Allow to use cgroup match from LOCAL_IN, there is no apparent reason
for not allowing this, from Alexey Perevalov.
* Fix build of the connlimit match after recent changes to let it scale
up that result in a divide by zero compilation error in UP, from
Florian Westphal.
* Move the lock out of the structure connlimit_data to avoid a false
sharing spotted by Eric Dumazet and Jesper D. Brouer, this needed as
part of the recent connlimit scalability improvements, also from
Florian Westphal.
* Add missing module aliases in xt_osf to fix loading of rules using
this match, from Kirill Tkhai.
* Restrict set names in nf_tables to 15 characters instead of silently
trimming them off, from me.
* Fix wrong format in nf_tables request module call for chain types,
spotted by Florian Westphal, patch from me.
* Fix crash in xtables when it fails to copy the counters back to userspace
after having replaced the table already.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
Thanks.
----------------------------------------------------------------
The following changes since commit e33d0ba8047b049c9262fdb1fcafb93cb52ceceb:
net-gro: reset skb->truesize in napi_reuse_skb() (2014-04-03 16:17:52 -0400)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to c58dd2dd443c26d856a168db108a0cd11c285bf3:
netfilter: Can't fail and free after table replacement (2014-04-05 17:46:22 +0200)
----------------------------------------------------------------
Alexey Perevalov (1):
netfilter: x_tables: allow to use cgroup match for LOCAL_IN nf hooks
Andrey Vagin (1):
netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
Florian Westphal (2):
netfilter: connlimit: fix UP build
netfilter: connlimit: move lock array out of struct connlimit_data
Kirill Tkhai (1):
netfilter: Add {ipt,ip6t}_osf aliases for xt_osf
Pablo Neira Ayuso (2):
netfilter: nf_tables: set names cannot be larger than 15 bytes
netfilter: nf_tables: fix wrong format in request_module()
Thomas Graf (1):
netfilter: Can't fail and free after table replacement
include/net/netfilter/nf_conntrack_extend.h | 4 ++--
net/bridge/netfilter/ebtables.c | 5 ++---
net/ipv4/netfilter/arp_tables.c | 6 ++++--
net/ipv4/netfilter/ip_tables.c | 6 ++++--
net/ipv6/netfilter/ip6_tables.c | 6 ++++--
net/netfilter/nf_tables_api.c | 7 ++++---
net/netfilter/xt_cgroup.c | 3 ++-
net/netfilter/xt_connlimit.c | 25 ++++++++++++++++---------
net/netfilter/xt_osf.c | 2 ++
9 files changed, 40 insertions(+), 24 deletions(-)
next reply other threads:[~2014-04-05 16:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-05 16:21 Pablo Neira Ayuso [this message]
-- strict thread matches above, loose matches on Subject: below --
2020-08-31 9:36 [PATCH 0/8] Netfilter fixes for net Pablo Neira Ayuso
2020-08-31 18:22 ` David Miller
2020-08-15 10:31 Pablo Neira Ayuso
2020-08-16 23:05 ` David Miller
2019-07-31 11:51 [PATCH 0/8] netfilter " Pablo Neira Ayuso
2019-07-31 15:50 ` David Miller
2018-10-22 20:07 [PATCH 0/8] Netfilter " Pablo Neira Ayuso
2018-10-23 3:21 ` David Miller
2017-03-29 12:14 Pablo Neira Ayuso
2017-03-29 21:39 ` David Miller
2017-02-23 11:14 Pablo Neira Ayuso
2017-02-23 16:00 ` David Miller
2014-10-27 21:37 Pablo Neira Ayuso
2014-10-27 22:49 ` David Miller
2014-04-05 16:03 [PATCH 0/8] netfilter " Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1396714874-4426-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).