Message-Id: <20241009213858.3565808-1-pablo@netfilter.org>
Date: Wed,  9 Oct 2024 23:38:55 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
	netdev@...r.kernel.org,
	kuba@...nel.org,
	pabeni@...hat.com,
	edumazet@...gle.com,
	fw@...len.de
Subject: [PATCH net 0/3] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Restrict xtables extensions to families that are safe; syzbot found
   a way to combine ebtables with extensions that are never used by
   userspace tools. From Florian Westphal.

2) Set l3mdev unconditionally whenever possible in nft_fib to fix lookup
   mismatch, also from Florian.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-10-09

Thanks.

----------------------------------------------------------------

The following changes since commit 983e35ce2e1ee4037f6f5d5398dfc107b22ad569:

  net: hns3/hns: Update the maintainer for the HNS3/HNS ethernet driver (2024-10-09 13:40:42 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-10-09

for you to fetch changes up to c6a0862bee696cfb236a4e160a7f376c0ecdcf0c:

  selftests: netfilter: conntrack_vrf.sh: add fib test case (2024-10-09 23:31:15 +0200)

----------------------------------------------------------------
netfilter pull request 24-10-09

----------------------------------------------------------------
Florian Westphal (3):
      netfilter: xtables: avoid NFPROTO_UNSPEC where needed
      netfilter: fib: check correct rtable in vrf setups
      selftests: netfilter: conntrack_vrf.sh: add fib test case

 net/ipv4/netfilter/nft_fib_ipv4.c                  |   4 +-
 net/ipv6/netfilter/nft_fib_ipv6.c                  |   5 +-
 net/netfilter/xt_CHECKSUM.c                        |  33 +++++--
 net/netfilter/xt_CLASSIFY.c                        |  16 +++-
 net/netfilter/xt_CONNSECMARK.c                     |  36 ++++---
 net/netfilter/xt_CT.c                              | 106 ++++++++++++++-------
 net/netfilter/xt_IDLETIMER.c                       |  59 ++++++++----
 net/netfilter/xt_LED.c                             |  39 +++++---
 net/netfilter/xt_NFLOG.c                           |  36 ++++---
 net/netfilter/xt_RATEEST.c                         |  39 +++++---
 net/netfilter/xt_SECMARK.c                         |  27 +++++-
 net/netfilter/xt_TRACE.c                           |  35 ++++---
 net/netfilter/xt_addrtype.c                        |  15 ++-
 net/netfilter/xt_cluster.c                         |  33 +++++--
 net/netfilter/xt_connbytes.c                       |   4 +-
 net/netfilter/xt_connlimit.c                       |  39 +++++---
 net/netfilter/xt_connmark.c                        |  28 +++++-
 net/netfilter/xt_mark.c                            |  42 ++++++--
 .../selftests/net/netfilter/conntrack_vrf.sh       |  33 +++++++
 19 files changed, 459 insertions(+), 170 deletions(-)
