From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/6] Netfilter fixes for net
Date: Tue, 16 Feb 2016 18:02:31 +0100 [thread overview]
Message-ID: <1455642157-6864-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contain a rather large batch for your net that
includes accumulated bugfixes, they are:
1) Run conntrack cleanup from workqueue process context to avoid hitting
soft lockup via watchdog for large tables. This is required by the
IPv6 masquerading extension. From Florian Westphal.
2) Use original skbuff from nfnetlink batch when calling netlink_ack()
on error since this needs to access the skb->sk pointer.
3) Incremental fix on top of recent Sasha Levin's lock fix for conntrack
resizing.
4) Fix several problems in nfnetlink batch message header sanitization
and error handling, from Phil Turnbull.
5) Select NF_DUP_IPV6 based on CONFIG_IPV6, from Arnd Bergmann.
6) Fix wrong signess in return values on nf_tables counter expression,
from Anton Protopopov.
Due to the NetDev 1.1 organization burden, I had no chance to pass up
this to you any sooner in this release cycle, sorry about that.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 53729eb174c1589f9185340ffe8c10b3f39f3ef3:
Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth (2016-01-30 15:32:42 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 5cc6ce9ff27565949a1001a2889a8dd9fd09e772:
netfilter: nft_counter: fix erroneous return values (2016-02-08 13:05:02 +0100)
----------------------------------------------------------------
Anton Protopopov (1):
netfilter: nft_counter: fix erroneous return values
Arnd Bergmann (1):
netfilter: tee: select NF_DUP_IPV6 unconditionally
Florian Westphal (2):
netfilter: conntrack: resched in nf_ct_iterate_cleanup
netfilter: cttimeout: fix deadlock due to erroneous unlock/lock conversion
Pablo Neira Ayuso (1):
netfilter: nfnetlink: use original skbuff when acking batches
Phil Turnbull (1):
netfilter: nfnetlink: correctly validate length of batch messages
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c | 74 +++++++++++++++++++++++++++--
net/netfilter/Kconfig | 2 +-
net/netfilter/nf_conntrack_core.c | 5 ++
net/netfilter/nfnetlink.c | 16 ++++---
net/netfilter/nfnetlink_cttimeout.c | 2 +-
net/netfilter/nft_counter.c | 4 +-
net/netfilter/xt_TEE.c | 4 +-
7 files changed, 91 insertions(+), 16 deletions(-)
next reply other threads:[~2016-02-16 17:02 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-16 17:02 Pablo Neira Ayuso [this message]
2016-02-16 17:02 ` [PATCH 1/6] netfilter: conntrack: resched in nf_ct_iterate_cleanup Pablo Neira Ayuso
2016-02-16 17:02 ` [PATCH 2/6] netfilter: nfnetlink: use original skbuff when acking batches Pablo Neira Ayuso
2016-02-16 17:02 ` [PATCH 3/6] netfilter: cttimeout: fix deadlock due to erroneous unlock/lock conversion Pablo Neira Ayuso
2016-02-16 17:02 ` [PATCH 4/6] netfilter: nfnetlink: correctly validate length of batch messages Pablo Neira Ayuso
2016-02-16 17:02 ` [PATCH 5/6] netfilter: tee: select NF_DUP_IPV6 unconditionally Pablo Neira Ayuso
2016-02-16 17:02 ` [PATCH 6/6] netfilter: nft_counter: fix erroneous return values Pablo Neira Ayuso
2016-02-16 17:56 ` [PATCH 0/6] Netfilter fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2020-08-24 11:39 Pablo Neira Ayuso
2020-08-24 13:37 ` David Miller
2020-05-14 12:19 Pablo Neira Ayuso
2020-05-14 20:15 ` David Miller
2020-02-26 22:54 Pablo Neira Ayuso
2020-02-27 0:32 ` David Miller
2020-01-31 19:24 Pablo Neira Ayuso
2020-02-01 20:59 ` Jakub Kicinski
2019-02-05 19:04 Pablo Neira Ayuso
2019-02-05 19:23 ` David Miller
2018-10-01 22:37 Pablo Neira Ayuso
2018-10-01 22:41 ` David Miller
2018-07-09 17:18 Pablo Neira Ayuso
2018-07-09 21:24 ` David Miller
2018-06-27 15:22 Pablo Neira Ayuso
2018-06-28 4:33 ` David Miller
2018-02-01 18:02 Pablo Neira Ayuso
2018-02-01 19:45 ` David Miller
2017-02-27 11:35 Pablo Neira Ayuso
2017-02-27 14:19 ` David Miller
2017-01-05 11:19 Pablo Neira Ayuso
2017-01-05 16:52 ` David Miller
2016-08-18 17:29 Pablo Neira Ayuso
2016-08-19 1:49 ` David Miller
2016-01-20 17:03 Pablo Neira Ayuso
2016-01-21 2:57 ` David Miller
2015-12-14 11:25 [PATCH 0/6] netfilter " Pablo Neira Ayuso
2015-12-14 16:09 ` David Miller
2015-09-03 9:50 [PATCH 0/6] Netfilter " Pablo Neira Ayuso
2015-09-06 4:59 ` David Miller
2015-03-22 18:46 Pablo Neira Ayuso
2015-03-22 20:57 ` David Miller
2014-05-09 10:56 Pablo Neira Ayuso
2014-05-09 17:17 ` David Miller
2014-02-19 11:41 Pablo Neira Ayuso
2014-02-19 18:16 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455642157-6864-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).