| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXsxr8KQGFOhnLIa@strlen.de>
Date: Thu, 29 Jan 2026 11:08:47 +0100
From: Florian Westphal <fw@...len.de>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, Paolo Abeni <pabeni@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>, netfilter-devel@...r.kernel.org,
pablo@...filter.org
Subject: Re: [PATCH net-next 0/9] netfilter: updates for net-next
Florian Westphal <fw@...len.de> wrote:
> Jakub Kicinski <kuba@...nel.org> wrote:
> > [ 580.340726][T19113] sctp: Hash tables configured (bind 32/56)
> > [ 601.749973][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 601.985349][ C2] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 602.191750][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 602.555469][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 602.895890][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 603.226543][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 603.435907][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 603.569421][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 603.672454][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 603.821679][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 127.0.0.1:23456. Sending cookies.
> > [ 618.553975][T19316] ==================================================================
> > [ 618.554200][T19316] BUG: KASAN: slab-use-after-free in nfqnl_enqueue_packet+0x8f1/0x9e0 [nfnetlink_queue]
> > [ 618.554424][T19316] Write of size 1 at addr ff1100001cc9ae68 by task socat/19316
> > [ 618.554600][T19316]
>
> Did not occur here during local testing :-(
>
> Should I send a v2 without the last two patches or will you pull and
> discard the last two changes?
Alternatively you can also pull this:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-26-01-29
Which is the same series but without the last two patches, i.e. up to
e19079adcd26a25d7d3e586b1837493361fdf8b6:
netfilter: nfnetlink_queue: optimize verdict lookup with hash table (2026-01-29 09:52:07 +0100)
----------------------------------------------------------------
netfilter pull request nf-next-26-01-29
----------------------------------------------------------------
Jinjie Ruan (1):
netfilter: xt_time: use is_leap_year() helper
Lorenzo Bianconi (5):
netfilter: Add ctx pointer in nf_flow_skb_encap_protocol/nf_flow_ip4_tunnel_proto signature
netfilter: Introduce tunnel metadata info in nf_flowtable_ctx struct
netfilter: flowtable: Add IP6IP6 rx sw acceleration
netfilter: flowtable: Add IP6IP6 tx sw acceleration
selftests: netfilter: nft_flowtable.sh: Add IP6IP6 flowtable selftest
Scott Mitchell (1):
netfilter: nfnetlink_queue: optimize verdict lookup with hash table
6 files changed, 408 insertions(+), 81 deletions(-)
Powered by blists - more mailing lists