From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>
Subject: [PATCH net 0/5] Netfilter fixes for net:
Date: Thu, 20 Jul 2023 18:51:32 +0200 [thread overview]
Message-ID: <20230720165143.30208-1-fw@strlen.de> (raw)
The following patchset contains Netfilter fixes for net:
1. Fix spurious -EEXIST error from userspace due to
padding holes, this was broken since 4.9 days
when 'ignore duplicate entries on insert' feature was
added.
2. Fix a sched-while-atomic bug, present since 5.19.
3. Properly remove elements if they lack an "end range".
nft userspace always sets an end range attribute, even
when its the same as the start, but the abi doesn't
have such a restriction. Always broken since it was
added in 5.6, all three from myself.
4 + 5: Bound chain needs to be skipped in netns release
and on rule flush paths, from Pablo Neira.
The following changes since commit ac528649f7c63bc233cc0d33cff11f767cc666e3:
Merge branch 'net-support-stp-on-bridge-in-non-root-netns' (2023-07-20 10:46:33 +0200)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-07-20
for you to fetch changes up to 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8:
netfilter: nf_tables: skip bound chain on rule flush (2023-07-20 17:21:11 +0200)
----------------------------------------------------------------
netfilter pull request 2023-07-20
----------------------------------------------------------------
Florian Westphal (3):
netfilter: nf_tables: fix spurious set element insertion failure
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nft_set_pipapo: fix improper element removal
Pablo Neira Ayuso (2):
netfilter: nf_tables: skip bound chain in netns release path
netfilter: nf_tables: skip bound chain on rule flush
net/netfilter/nf_tables_api.c | 12 ++++++++++--
net/netfilter/nft_set_pipapo.c | 6 +++++-
2 files changed, 15 insertions(+), 3 deletions(-)
next reply other threads:[~2023-07-20 16:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-20 16:51 Florian Westphal [this message]
2023-07-20 16:51 ` [PATCH net 1/5] netfilter: nf_tables: fix spurious set element insertion failure Florian Westphal
2023-07-20 20:00 ` patchwork-bot+netdevbpf
2023-07-20 16:51 ` [PATCH net 2/5] netfilter: nf_tables: can't schedule in nft_chain_validate Florian Westphal
2023-07-20 16:51 ` [PATCH net 3/5] netfilter: nft_set_pipapo: fix improper element removal Florian Westphal
2023-07-20 16:51 ` [PATCH net 4/5] netfilter: nf_tables: skip bound chain in netns release path Florian Westphal
2023-07-20 16:51 ` [PATCH net 5/5] netfilter: nf_tables: skip bound chain on rule flush Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230720165143.30208-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.