Message-ID: <20251216190904.14507-1-fw@strlen.de>
Date: Tue, 16 Dec 2025 20:08:58 +0100
From: Florian Westphal <fw@...len.de>
To: <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	<netfilter-devel@...r.kernel.org>,
	pablo@...filter.org
Subject: [PATCH net 0/6] netfilter: updates for net

Hi,

The following patchset contains Netfilter fixes for *net*:

1)  Jozsef Kadlecsik is retiring.  Fortunately Jozsef will still keep an
    eye on ipset patches.

2)  remove a bogus direction check from nat core, this caused spurious
    flakes in the 'reverse clash' selftest, from myself.

3) nf_tables doesn't need to do chain validation on register store,
   from Pablo Neira Ayuso.

4) nf_tables shouldn't revisit chains during ruleset (graph) validation
   if possible.  Both 3 and 4 were slated for -next initially but there
   are now two independent reports of people hitting soft lockup errors
   during ruleset validation, so it makes no sense anymore to route
   this via -next given this is -stable material. From myself.

5) call cond_resched() in a more frequently visited place during nf_tables
   chain validation, this wasn't possible earlier due to rcu read lock,
   but nowadays it's not held anymore during set walks.

6) Don't fail conntrack packetdrill test with HZ=100 kernels.

Please, pull these changes from:
The following changes since commit 885bebac9909994050bbbeed0829c727e42bd1b7:

  nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (2025-12-11 01:40:00 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-25-12-16

for you to fetch changes up to fec7b0795548b43e2c3c46e3143c34ef6070341c:

  selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel (2025-12-15 15:04:04 +0100)

----------------------------------------------------------------
netfilter pull request nf-25-12-16

----------------------------------------------------------------
Florian Westphal (4):
      netfilter: nf_nat: remove bogus direction check
      netfilter: nf_tables: avoid chain re-validation if possible
      netfilter: nf_tables: avoid softlockup warnings in nft_chain_validate
      selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel

Jozsef Kadlecsik (1):
      MAINTAINERS: Remove Jozsef Kadlecsik from MAINTAINERS file

Pablo Neira Ayuso (1):
      netfilter: nf_tables: remove redundant chain validation on register store

 CREDITS                                            |  1 +
 MAINTAINERS                                        |  1 -
 include/net/netfilter/nf_tables.h                  | 34 ++++++---
 net/netfilter/nf_nat_core.c                        | 14 +---
 net/netfilter/nf_tables_api.c                      | 84 +++++++++++++++++-----
 .../net/netfilter/conntrack_reverse_clash.c        | 13 ++--
 .../net/netfilter/conntrack_reverse_clash.sh       |  2 +
 .../packetdrill/conntrack_syn_challenge_ack.pkt    |  2 +-
 8 files changed, 107 insertions(+), 44 deletions(-)

# WARNING: skip 0001-MAINTAINERS-Remove-Jozsef-Kadlecsik-from-MAINTAINERS.patch, no "Fixes" tag!
# INFO: 0002-netfilter-nf_nat-remove-bogus-direction-check.patch fixes commit from v6.12-rc1~38^2^2~13
# INFO: 0003-netfilter-nf_tables-remove-redundant-chain-validatio.patch fixes commit from v4.18-rc1~114^2~78^2~5
# WARNING: skip 0004-netfilter-nf_tables-avoid-chain-re-validation-if-pos.patch, no "Fixes" tag!
