lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aXoxQbd_7mzTSBZO@strlen.de>
Date: Wed, 28 Jan 2026 16:54:41 +0100
From: Florian Westphal <fw@...len.de>
To: Eric Woudstra <ericwouds@...il.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
	netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
	bridge@...ts.linux.dev, Simon Horman <horms@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>, Jakub Kicinski <kuba@...nel.org>,
	Phil Sutter <phil@....cc>, Ido Schimmel <idosch@...dia.com>,
	Nikolay Aleksandrov <razor@...ckwall.org>,
	Eric Dumazet <edumazet@...gle.com>,
	"David S. Miller" <davem@...emloft.net>,
	Jozsef Kadlecsik <kadlec@...filter.org>
Subject: Re: [PATCH v17 nf-next 0/4] conntrack: bridge: add double vlan,
 pppoe and pppoe-in-q

Eric Woudstra <ericwouds@...il.com> wrote:
> >  include/net/netfilter/nf_tables_ipv4.h     | 21 +++--
> >  include/net/netfilter/nf_tables_ipv6.h     | 21 +++--
> >  net/bridge/netfilter/nf_conntrack_bridge.c | 92 ++++++++++++++++++----
> >  net/netfilter/nft_chain_filter.c           | 59 ++++++++++++--
> >  net/netfilter/utils.c                      | 28 +++++--
> >  5 files changed, 176 insertions(+), 45 deletions(-)
> > 
> 
> Can I kindly ask, what is the status of this patch-set?

Rotting, sorry.

At this time most of the patchwork queue management is done
by me, there are several other patchsets also vying for attention
and syzbot just reported UaF regression in rbtree, so I will be
busy with that for a while.

I decided to defer this:
1. There were no other 'Please lets apply this' reviews so far
2. We are close to a new kernel release, hence time window
   to accept features as opposed to fixes is shrinking.
3. You patchset changes how packets get processed both by
   conntrack and nf_tables bridge family.  Yes, its done as-advertised
   but still, this has known impact.  Hence I would prefer to
   apply this early in the cycle not at the last minute.

   Futhermore its a change that, if it causes issues down the road,
   might back us into a corner where we can neither fix things in a
   backwards compatible way without breaking the new feature.

In case there is no further feedback by the time the next development
cycle starts I will apply this series as-is (or ask for a rebase
in case its no longer applicable).

I apologize for the inconvenience.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ