All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>,
	<netfilter-devel@vger.kernel.org>
Subject: [PATCH net 0/6] netfilter patches for net
Date: Wed,  4 Oct 2023 16:13:44 +0200	[thread overview]
Message-ID: <20231004141405.28749-1-fw@strlen.de> (raw)

Hello,

The following batch contains netfilter fixes and selftests for the *net* tree.

First patch resolves a regression with vlan header matching, this was
broken since 6.5 release.  From myself.

Second patch fixes an ancient problem with sctp connection tracking in
case INIT_ACK packets are delayed.  This comes with a selftest, both
patches from Xin Long.

Patch 4 extends the existing nftables audit selftest, from
Phil Sutter.

Patch 5, also from Phil, avoids a situation where nftables
would emit an audit record twice. This was broken since 5.13 days.

Patch 6, from myself, avoids spurious insertion failure if we encounter an
overlapping but expired range during element insertion with the
'nft_set_rbtree' backend. This problem exists since 6.2.

The following changes since commit 51e7a66666e0ca9642c59464ef8359f0ac604d41:

  ibmveth: Remove condition to recompute TCP header checksum. (2023-10-04 11:19:57 +0100)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-10-04

for you to fetch changes up to 087388278e0f301f4c61ddffb1911d3a180f84b8:

  netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (2023-10-04 15:57:28 +0200)

----------------------------------------------------------------
netfilter pull request 2023-10-04

----------------------------------------------------------------
Florian Westphal (2):
      netfilter: nft_payload: rebuild vlan header on h_proto access
      netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure

Phil Sutter (2):
      selftests: netfilter: Extend nft_audit.sh
      netfilter: nf_tables: Deduplicate nft_register_obj audit logs

Xin Long (2):
      netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp
      selftests: netfilter: test for sctp collision processing in nf_conntrack

 include/linux/netfilter/nf_conntrack_sctp.h        |   1 +
 net/netfilter/nf_conntrack_proto_sctp.c            |  43 ++++++--
 net/netfilter/nf_tables_api.c                      |  44 +++++---
 net/netfilter/nft_payload.c                        |  13 ++-
 net/netfilter/nft_set_rbtree.c                     |  46 +++++---
 tools/testing/selftests/netfilter/Makefile         |   5 +-
 .../netfilter/conntrack_sctp_collision.sh          |  89 ++++++++++++++++
 tools/testing/selftests/netfilter/nft_audit.sh     | 117 ++++++++++++++++++---
 tools/testing/selftests/netfilter/sctp_collision.c |  99 +++++++++++++++++
 9 files changed, 395 insertions(+), 62 deletions(-)
 create mode 100755 tools/testing/selftests/netfilter/conntrack_sctp_collision.sh
 create mode 100644 tools/testing/selftests/netfilter/sctp_collision.c

             reply	other threads:[~2023-10-04 14:14 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-04 14:13 Florian Westphal [this message]
2023-10-04 14:13 ` [PATCH net 1/6] netfilter: nft_payload: rebuild vlan header on h_proto access Florian Westphal
2023-10-04 22:10   ` patchwork-bot+netdevbpf
2023-10-04 14:13 ` [PATCH net 2/6] netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp Florian Westphal
2023-10-04 14:13 ` [PATCH net 3/6] selftests: netfilter: test for sctp collision processing in nf_conntrack Florian Westphal
2023-10-04 14:13 ` [PATCH net 4/6] selftests: netfilter: Extend nft_audit.sh Florian Westphal
2023-10-04 14:13 ` [PATCH net 5/6] netfilter: nf_tables: Deduplicate nft_register_obj audit logs Florian Westphal
2023-10-04 14:13 ` [PATCH net 6/6] netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231004141405.28749-1-fw@strlen.de \
    --to=fw@strlen.de \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.