Open Source and information security mailing list archives
 
Message-ID: <20250902133549.15945-1-fw@strlen.de>
Date: Tue,  2 Sep 2025 15:35:42 +0200
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	<netfilter-devel@...r.kernel.org>,
	pablo@...filter.org
Subject: [PATCH v2 net-next 0/7] netfilter: updates for net-next

v2: drop patch 5, to be routed via net tree. No other changes.

Hi,

The following patchset contains Netfilter fixes for *net-next*:

1) prefer vmalloc_array in ebtables, from Qianfeng Rong.
2) Use csum_replace4 instead of open-coding it, from Christophe Leroy.
3+4) Get rid of GFP_ATOMIC in transaction object allocations, those
     cause silly failures with large sets under memory pressure, from
     myself.
5) Remove test for AVX cpu feature in nftables pipapo set type,
   testing for AVX2 feature is sufficient.
6) Unexport a few functions in nf_reject infra: no external callers.
7) Extend payload offset to u16, this was restricted to values <=255
   so far, from Fernando Fernandez Mancera.

Please, pull these changes from:
The following changes since commit cd8a4cfa6bb43a441901e82f5c222dddc75a18a3:

  Merge branch 'e-switch-vport-sharing-delegation' (2025-09-02 15:18:19 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-09-02

for you to fetch changes up to 077dc4a275790b09e8a2ce80822ba8970e9dfb99:

  netfilter: nft_payload: extend offset to 65535 bytes (2025-09-02 15:28:18 +0200)

----------------------------------------------------------------
netfilter pull request nf-next-25-09-02

----------------------------------------------------------------
Christophe Leroy (1):
      netfilter: nft_payload: Use csum_replace4() instead of opencoding

Fernando Fernandez Mancera (1):
      netfilter: nft_payload: extend offset to 65535 bytes

Florian Westphal (4):
      netfilter: nf_tables: allow iter callbacks to sleep
      netfilter: nf_tables: all transaction allocations can now sleep
      netfilter: nft_set_pipapo: remove redundant test for avx feature bit
      netfilter: nf_reject: remove unneeded exports

Qianfeng Rong (1):
      netfilter: ebtables: Use vmalloc_array() to improve code

 include/net/netfilter/ipv4/nf_reject.h |   8 ---
 include/net/netfilter/ipv6/nf_reject.h |  10 ----
 include/net/netfilter/nf_tables.h      |   2 +
 include/net/netfilter/nf_tables_core.h |   2 +-
 net/bridge/netfilter/ebtables.c        |  14 ++---
 net/ipv4/netfilter/nf_reject_ipv4.c    |  27 +++++----
 net/ipv6/netfilter/nf_reject_ipv6.c    |  37 ++++++++----
 net/netfilter/nf_tables_api.c          |  47 +++++++---------
 net/netfilter/nft_payload.c            |  20 ++++---
 net/netfilter/nft_set_hash.c           | 100 ++++++++++++++++++++++++++++++++-
 net/netfilter/nft_set_pipapo.c         |   3 +-
 net/netfilter/nft_set_pipapo_avx2.c    |   2 +-
 net/netfilter/nft_set_rbtree.c         |  35 +++++++++---
 13 files changed, 209 insertions(+), 98 deletions(-)
