Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/4] netfilter fixes for net
Date: Fri, 12 Apr 2013 12:13:15 +0200
Message-ID: <1365761599-6990-1-git-send-email-pablo@netfilter.org> (raw)

Hi David,

The following patchset contains late netfilter fixes for your net
tree, they are:

* Don't drop segmented TCP packets in the SIP helper, we've got reports
  from users that this was breaking communications when the SIP phone
  messages are larger than the MTU, from Patrick McHardy.

* Fix refcount leak in the ipset list set, from Jozsef Kadlecsik.

* On hash set resizing, the nomatch flag was lost, thus entirely inverting
  the logic of the set matching, from Jozsef Kadlecsik.

* Fix crash on NAT modules removal. Timer expiration may race with the
  module cleanup exit path while deleting conntracks, from Florian
  Westphal.

The following changes since commit 53f63189b1110559dce8c1ee29e8abc3e31f7630:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (2013-04-05 14:04:10 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master

for you to fetch changes up to c2d421e171868586939c328dfb91bab840fe4c49:

  netfilter: nf_nat: fix race when unloading protocol modules (2013-04-12 11:46:31 +0200)

Please, consider pulling this.
Thanks!

P.S: Jozsef has several updates for net-next that depend on these fixes,
could you pull from your net tree into your net-next tree, please? Thanks.

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: nf_nat: fix race when unloading protocol modules

Jozsef Kadlecsik (2):
      netfilter: ipset: list:set: fix reference counter update
      netfilter: ipset: hash:*net*: nomatch flag not excluded on set resize

Patrick McHardy (1):
      netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet

 include/linux/netfilter/ipset/ip_set_ahash.h |   30 ++++++++++++++-----
 net/netfilter/ipset/ip_set_hash_ipportnet.c  |   18 ++++++++++++
 net/netfilter/ipset/ip_set_hash_net.c        |   22 ++++++++++++--
 net/netfilter/ipset/ip_set_hash_netiface.c   |   22 ++++++++++++--
 net/netfilter/ipset/ip_set_hash_netport.c    |   18 ++++++++++++
 net/netfilter/ipset/ip_set_list_set.c        |   10 +++++--
 net/netfilter/nf_conntrack_sip.c             |    6 ++--
 net/netfilter/nf_nat_core.c                  |   40 +++++---------------------
 8 files changed, 115 insertions(+), 51 deletions(-)


             reply index

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-04-12 10:13 Pablo Neira Ayuso [this message]
2013-04-12 10:13 ` [PATCH 1/4] netfilter: nf_ct_sip: don't drop packets with offsets pointing outside the packet Pablo Neira Ayuso
2013-04-12 10:13 ` [PATCH 2/4] netfilter: ipset: list:set: fix reference counter update Pablo Neira Ayuso
2013-04-12 10:13 ` [PATCH 3/4] netfilter: ipset: hash:*net*: nomatch flag not excluded on set resize Pablo Neira Ayuso
2013-04-12 10:13 ` [PATCH 4/4] netfilter: nf_nat: fix race when unloading protocol modules Pablo Neira Ayuso
2013-04-12 18:28 ` [PATCH 0/4] netfilter fixes for net David Miller
2014-08-11 17:06 [PATCH 0/4] Netfilter " Pablo Neira Ayuso
2015-05-16 18:47 Pablo Neira Ayuso
2015-05-16 20:45 ` David Miller
2015-09-18  9:17 Pablo Neira Ayuso
2015-09-21  5:32 ` David Miller
2015-10-19 18:22 Pablo Neira Ayuso
2015-10-22  2:27 ` David Miller
2016-09-13  9:05 Pablo Neira Ayuso
2016-09-13 15:17 ` David Miller
2017-03-03 19:22 Pablo Neira Ayuso
2017-03-04  4:41 ` David Miller
2017-05-29 11:34 Pablo Neira Ayuso
2017-05-30  3:20 ` David Miller
2019-12-26 16:39 Pablo Neira Ayuso
2019-12-26 21:11 ` David Miller
2020-03-20 13:51 Pablo Neira Ayuso
2020-03-21  2:34 ` David Miller
2020-06-14 21:52 Pablo Neira Ayuso
2020-06-15 20:27 ` David Miller
2020-10-07  0:10 Pablo Neira Ayuso
2020-10-09 19:19 ` Jakub Kicinski
2020-10-13 23:45 Pablo Neira Ayuso
2020-10-14  3:07 ` Jakub Kicinski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1365761599-6990-1-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git