Message-ID: <20250911143819.14753-1-fw@strlen.de>
Date: Thu, 11 Sep 2025 16:38:14 +0200
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	<netfilter-devel@...r.kernel.org>,
	pablo@...filter.org
Subject: [PATCH net-next 0/5] netfilter: updates for net-next

The following patchset contains Netfilter changes for *net-next*:

1) Don't respond to ICMP_UNREACH errors with another ICMP_UNREACH
   error.
2) Support fetching the current bridge ethernet address.
   This allows a more flexible approach to packet redirection
   on bridges without need to use hardcoded addresses. From
   Fernando Fernandez Mancera.
3) Zap a few no-longer needed conditionals from ipvs packet path
   and convert to READ/WRITE_ONCE to avoid KCSAN warnings.
   From Zhang Tengfei.
4) Remove a no-longer-used macro argument in ipset, from Zhen Ni.

Please, pull these changes from:
The following changes since commit 5adf6f2b9972dbb69f4dd11bae52ba251c64ecb7:

  Merge branch 'ipv4-icmp-fix-source-ip-derivation-in-presence-of-vrfs' (2025-09-11 12:22:40 +0200)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-09-11

for you to fetch changes up to db99b2f2b3e2cd8227ac9990ca4a8a31a1e95e56:

  netfilter: nf_reject: don't reply to icmp error messages (2025-09-11 15:40:55 +0200)

----------------------------------------------------------------
netfilter pull request nf-next-25-09-11

----------------------------------------------------------------
Andres Urian Florez (1):
      selftest:net: fixed spelling mistakes

Fernando Fernandez Mancera (1):
      netfilter: nft_meta_bridge: introduce NFT_META_BRI_IIFHWADDR support

Florian Westphal (1):
      netfilter: nf_reject: don't reply to icmp error messages

Zhang Tengfei (1):
      ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable

Zhen Ni (1):
      netfilter: ipset: Remove unused htable_bits in macro ahash_region

 include/uapi/linux/netfilter/nf_tables.h         |  2 ++
 net/bridge/netfilter/nft_meta_bridge.c           | 11 +++++++++
 net/ipv4/netfilter/nf_reject_ipv4.c              | 25 ++++++++++++++++++++
 net/ipv6/netfilter/nf_reject_ipv6.c              | 30 ++++++++++++++++++++++++
 net/netfilter/ipset/ip_set_hash_gen.h            |  8 +++----
 net/netfilter/ipvs/ip_vs_conn.c                  |  4 ++--
 net/netfilter/ipvs/ip_vs_core.c                  | 11 ++++-----
 net/netfilter/ipvs/ip_vs_ctl.c                   |  6 ++---
 net/netfilter/ipvs/ip_vs_est.c                   | 16 ++++++-------
 tools/testing/selftests/net/netfilter/nft_nat.sh |  4 ++--
 10 files changed, 91 insertions(+), 26 deletions(-)
