lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230420170657.45373-1-pablo@netfilter.org>
Date:   Thu, 20 Apr 2023 19:06:55 +0200
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org,
        pabeni@...hat.com, edumazet@...gle.com
Subject: [PATCH net 0/2] Netfilter fixes for net

Hi,

The following patchset contains late Netfilter fixes for net:

1) Set on IPS_CONFIRMED before change_status() otherwise EBUSY is
   bogusly hit. This bug was introduced in the 6.3 release cycle.

2) Fix nfnetlink_queue conntrack support: Set/dump timeout
   accordingly for unconfirmed conntrack entries. Make sure this
   is done after IPS_CONFIRMED is set on. This is an old bug, it
   happens since the introduction of this feature.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 92e8c732d8518588ac34b4cb3feaf37d2cb87555:

  Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (2023-04-18 20:46:31 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD

for you to fetch changes up to 73db1b8f2bb6725b7391e85aab41fdf592b3c0c1:

  netfilter: conntrack: fix wrong ct->timeout value (2023-04-19 12:08:38 +0200)

----------------------------------------------------------------
Pablo Neira Ayuso (1):
      netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert()

Tzung-Bi Shih (1):
      netfilter: conntrack: fix wrong ct->timeout value

 include/net/netfilter/nf_conntrack_core.h |  6 +++++-
 net/netfilter/nf_conntrack_bpf.c          |  1 +
 net/netfilter/nf_conntrack_core.c         |  1 -
 net/netfilter/nf_conntrack_netlink.c      | 16 ++++++++++++----
 4 files changed, 18 insertions(+), 6 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ