Netfilter-Devel Archive on lore.kernel.org
* [PATCH 0/9] Netfilter fixes for net
@ 2018-06-13 10:56 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2018-06-13 10:56 UTC
  To: netfilter-devel; +Cc: davem, netdev

Hi David,

The following patchset contains Netfilter patches for your net tree:

1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
   not loaded, from Prashant Bhole.

2) Fix socket extension module autoload.

3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
   the dynset extension.

4) Fix races with nf_tables module removal and netns exit path,
   patches from Florian Westphal.

5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
   WARN_ON_ONCE, from Taehee Yoo.

6) Another NULL pointer dereference from ctnetlink, again if NAT is
   not loaded, from Florian Westphal.

7) Fix x_tables match list corruption in xt_connmark module removal
   path, also from Florian.

8) nf_conncount doesn't properly deal with conntrack zones, hence
   garbage collector may get rid of entries in a different zone.
   From Yi-Hung Wei.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 6892286e9c09925780fe2cb6db3585b56b71fe8e:

  tcp: Do not reload skb pointer after skb_gro_receive(). (2018-06-11 20:00:56 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 21ba8847f857028dc83a0f341e16ecc616e34740:

  netfilter: nf_conncount: Fix garbage collection with zones (2018-06-12 20:07:07 +0200)

----------------------------------------------------------------
Florian Westphal (4):
      netfilter: nf_tables: fix module unload race
      netfilter: nf_tables: close race between netns exit and rmmod
      netfilter: ctnetlink: avoid null pointer dereference
      netfilter: xt_connmark: fix list corruption on rmmod

Pablo Neira Ayuso (2):
      netfilter: nft_socket: fix module autoload
      netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL

Prashant Bhole (1):
      netfilter: fix null-ptr-deref in nf_nat_decode_session

Taehee Yoo (1):
      netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()

Yi-Hung Wei (1):
      netfilter: nf_conncount: Fix garbage collection with zones

 include/linux/netfilter.h                  |  2 +-
 include/net/netfilter/nf_conntrack_count.h |  3 ++-
 include/uapi/linux/netfilter/nf_tables.h   |  2 +-
 net/netfilter/nf_conncount.c               | 13 +++++++++----
 net/netfilter/nf_conntrack_netlink.c       |  3 ++-
 net/netfilter/nf_tables_api.c              | 25 +++++++++++++++++++------
 net/netfilter/nf_tables_core.c             |  3 ++-
 net/netfilter/nfnetlink.c                  | 10 +++++++---
 net/netfilter/nft_chain_filter.c           |  5 +++++
 net/netfilter/nft_connlimit.c              |  2 +-
 net/netfilter/nft_dynset.c                 |  4 +---
 net/netfilter/nft_socket.c                 |  1 +
 net/netfilter/xt_connmark.c                |  2 +-
 13 files changed, 52 insertions(+), 23 deletions(-)


Thread overview: 11+ messages
2018-06-13 10:56 [PATCH 0/9] Netfilter fixes for net Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 1/9] netfilter: fix null-ptr-deref in nf_nat_decode_session Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 2/9] netfilter: nft_socket: fix module autoload Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 3/9] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 4/9] netfilter: nf_tables: fix module unload race Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 5/9] netfilter: nf_tables: close race between netns exit and rmmod Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 6/9] netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 7/9] netfilter: ctnetlink: avoid null pointer dereference Pablo Neira Ayuso
2018-06-13 10:56 ` [PATCH 8/9] netfilter: xt_connmark: fix list corruption on rmmod Pablo Neira Ayuso
2018-06-13 10:57 ` [PATCH 9/9] netfilter: nf_conncount: Fix garbage collection with zones Pablo Neira Ayuso
2018-06-13 21:05 ` [PATCH 0/9] Netfilter fixes for net David Miller
