| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 19 Jun 2024 19:05:32 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
netdev@...r.kernel.org,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
fw@...len.de
Subject: [PATCH net 0/5] Netfilter fixes for net
Hi,
The following patchset contains Netfilter fixes for net:
Patch #1 fixes the suspicious RCU usage warning that resulted from the
recent fix for the race between namespace cleanup and gc in
ipset left out checking the pernet exit phase when calling
rcu_dereference_protected(), from Jozsef Kadlecsik.
Patch #2 fixes incorrect input and output netdevice in SRv6 prerouting
hooks, from Jianguo Wu.
Patch #3 moves nf_hooks_lwtunnel sysctl toggle to the netfilter core.
The connection tracking system is loaded on-demand, this
ensures availability of this knob regardless.
Patch #4-#5 adds selftests for SRv6 netfilter hooks also from Jianguo Wu.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-06-19
Thanks.
----------------------------------------------------------------
The following changes since commit a8763466669d21b570b26160d0a5e0a2ee529d22:
selftests: openvswitch: Set value to nla flags. (2024-06-19 13:10:53 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-06-19
for you to fetch changes up to 221200ffeb065c6bbd196760c168b42305961655:
selftests: add selftest for the SRv6 End.DX6 behavior with netfilter (2024-06-19 18:42:10 +0200)
----------------------------------------------------------------
netfilter pull request 24-06-19
----------------------------------------------------------------
Jianguo Wu (4):
seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
selftests: add selftest for the SRv6 End.DX4 behavior with netfilter
selftests: add selftest for the SRv6 End.DX6 behavior with netfilter
Jozsef Kadlecsik (1):
netfilter: ipset: Fix suspicious rcu_dereference_protected()
include/net/netns/netfilter.h | 3 +
net/ipv6/seg6_local.c | 8 +-
net/netfilter/core.c | 13 +-
net/netfilter/ipset/ip_set_core.c | 11 +-
net/netfilter/nf_conntrack_standalone.c | 15 -
net/netfilter/nf_hooks_lwtunnel.c | 67 ++++
net/netfilter/nf_internals.h | 6 +
tools/testing/selftests/net/Makefile | 2 +
tools/testing/selftests/net/config | 2 +
.../selftests/net/srv6_end_dx4_netfilter_test.sh | 335 ++++++++++++++++++++
.../selftests/net/srv6_end_dx6_netfilter_test.sh | 340 +++++++++++++++++++++
11 files changed, 776 insertions(+), 26 deletions(-)
create mode 100755 tools/testing/selftests/net/srv6_end_dx4_netfilter_test.sh
create mode 100755 tools/testing/selftests/net/srv6_end_dx6_netfilter_test.sh
Powered by blists - more mailing lists