| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250725170340.21327-1-pablo@netfilter.org>
Date: Fri, 25 Jul 2025 19:03:21 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
netdev@...r.kernel.org,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
fw@...len.de,
horms@...nel.org
Subject: [PATCH net-next 00/19] Netfilter/IPVS updates for net-next
Hi,
The following series contains Netfilter/IPVS updates for net-next:
1) Display netns inode in conntrack table full log, from lvxiafei.
2) Autoload nf_log_syslog in case no logging backend is available,
from Lance Yang.
3) Three patches to remove unused functions in x_tables, nf_tables and
conntrack. From Yue Haibing.
4) Exclude LEGACY TABLES on PREEMPT_RT: Add NETFILTER_XTABLES_LEGACY
to exclude xtables legacy infrastructure.
5) Restore selftests by toggling NETFILTER_XTABLES_LEGACY where needed.
From Florian Westphal.
6) Use CONFIG_INET_SCTP_DIAG in tools/testing/selftests/net/netfilter/config,
from Sebastian Andrzej Siewior.
7) Use timer_delete in comment in IPVS codebase, from WangYuli.
8) Dump flowtable information in nfnetlink_hook, this includes an initial
patch to consolidate common code in helper function, from Phil Sutter.
9) Remove unused arguments in nft_pipapo set backend, from Florian Westphal.
10) Return nft_set_ext instead of boolean in set lookup function,
from Florian Westphal.
11) Remove indirection in dynamic set infrastructure, also from Florian.
12) Consolidate pipapo_get/lookup, from Florian.
13) Use kvmalloc in nft_pipapop, from Florian Westphal.
14) syzbot reports slab-out-of-bounds in xt_nfacct log message,
fix from Florian Westphal.
15) Ignored tainted kernels in selftest nft_interface_stress.sh,
from Phil Sutter.
16) Fix IPVS selftest by disabling rp_filter with ipip tunnel device,
from Yi Chen.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-25-07-25
Thanks.
----------------------------------------------------------------
The following changes since commit faa60990a5414e5a1957adc9434ca0e804ad700b:
Merge branch 'selftests-drv-net-fix-and-improve-command-requirement-checking' (2025-07-24 18:52:03 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-07-25
for you to fetch changes up to 8b4a1a46e84a17f5d6fde5c506cc6bb141a24772:
selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0 (2025-07-25 18:41:04 +0200)
----------------------------------------------------------------
netfilter pull request 25-07-25
----------------------------------------------------------------
Florian Westphal (7):
selftests: net: Enable legacy netfilter legacy options.
netfilter: nft_set_pipapo: remove unused arguments
netfilter: nft_set: remove one argument from lookup and update functions
netfilter: nft_set: remove indirection from update API call
netfilter: nft_set_pipapo: merge pipapo_get/lookup
netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps
netfilter: xt_nfacct: don't assume acct name is null-terminated
Lance Yang (1):
netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid
Pablo Neira Ayuso (1):
netfilter: Exclude LEGACY TABLES on PREEMPT_RT.
Phil Sutter (3):
netfilter: nfnetlink: New NFNLA_HOOK_INFO_DESC helper
netfilter: nfnetlink_hook: Dump flowtable info
selftests: netfilter: Ignore tainted kernels in interface stress test
Sebastian Andrzej Siewior (1):
selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG
WangYuli (1):
ipvs: Rename del_timer in comment in ip_vs_conn_expire_now()
Yi Chen (1):
selftests: netfilter: ipvs.sh: Explicity disable rp_filter on interface tunl0
Yue Haibing (3):
netfilter: x_tables: Remove unused functions xt_{in|out}name()
netfilter: nf_tables: Remove unused nft_reduce_is_readonly()
netfilter: conntrack: Remove unused net in nf_conntrack_double_lock()
lvxiafei (1):
netfilter: conntrack: table full detailed log
include/linux/netfilter.h | 1 +
include/linux/netfilter/x_tables.h | 10 -
include/net/netfilter/nf_log.h | 3 +
include/net/netfilter/nf_tables.h | 19 +-
include/net/netfilter/nf_tables_core.h | 50 +++--
include/uapi/linux/netfilter/nfnetlink_hook.h | 2 +
net/bridge/netfilter/Kconfig | 10 +-
net/ipv4/netfilter/Kconfig | 24 +--
net/ipv6/netfilter/Kconfig | 19 +-
net/netfilter/Kconfig | 10 +
net/netfilter/ipvs/ip_vs_conn.c | 2 +-
net/netfilter/nf_conntrack_core.c | 16 +-
net/netfilter/nf_conntrack_standalone.c | 26 ++-
net/netfilter/nf_log.c | 26 +++
net/netfilter/nf_tables_api.c | 24 +--
net/netfilter/nfnetlink_hook.c | 76 ++++++--
net/netfilter/nft_dynset.c | 10 +-
net/netfilter/nft_lookup.c | 27 +--
net/netfilter/nft_objref.c | 5 +-
net/netfilter/nft_set_bitmap.c | 11 +-
net/netfilter/nft_set_hash.c | 54 +++---
net/netfilter/nft_set_pipapo.c | 204 +++++++--------------
net/netfilter/nft_set_pipapo_avx2.c | 26 +--
net/netfilter/nft_set_rbtree.c | 40 ++--
net/netfilter/x_tables.c | 16 +-
net/netfilter/xt_nfacct.c | 4 +-
tools/testing/selftests/bpf/config | 1 +
tools/testing/selftests/hid/config.common | 1 +
tools/testing/selftests/net/config | 11 ++
tools/testing/selftests/net/mptcp/config | 2 +
tools/testing/selftests/net/netfilter/config | 7 +-
tools/testing/selftests/net/netfilter/ipvs.sh | 4 +-
.../net/netfilter/nft_interface_stress.sh | 5 +-
.../testing/selftests/wireguard/qemu/kernel.config | 4 +
34 files changed, 402 insertions(+), 348 deletions(-)
Powered by blists - more mailing lists