Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Sat, 4 Jul 2020 02:13:57 +0200 > The following patchset contains Netfilter fixes for net: > > 1) Use kvfree() to release vmalloc()'ed areas in ipset, from Eric Dumazet. > > 2) UAF in nfnetlink_queue from the nf_conntrack_update() path. > > Please, pull these chan

[PATCH 0/2] Netfilter fixes for net

Hi, The following patchset contains Netfilter fixes for net: 1) Use kvfree() to release vmalloc()'ed areas in ipset, from Eric Dumazet. 2) UAF in nfnetlink_queue from the nf_conntrack_update() path. Please, pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Wed, 29 Apr 2020 23:48:09 +0200 > The following patchset contains Netfilter fixes for net: > > 1) Do not update the UDP checksum when it's zero, from Guillaume Nault. > > 2) Fix return of local variable in nf_osf, from Arnd Bergmann. > > You can pull these changes

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains Netfilter fixes for net: 1) Do not update the UDP checksum when it's zero, from Guillaume Nault. 2) Fix return of local variable in nf_osf, from Arnd Bergmann. You can pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.gi

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Wed, 2 Oct 2019 20:53:43 +0200 > The following patchset contains Netfilter fixes for net: > > 1) Remove the skb_ext_del from nf_reset, and renames it to a more >fitting nf_reset_ct(). Patch from Florian Westphal. > > 2) Fix deadlock in nft_connlimit between pa

[PATCH 0/2] Netfilter fixes for net

Hi, The following patchset contains Netfilter fixes for net: 1) Remove the skb_ext_del from nf_reset, and renames it to a more fitting nf_reset_ct(). Patch from Florian Westphal. 2) Fix deadlock in nft_connlimit between packet path updates and the garbage collector. You can pull these cha

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Mon, 11 Feb 2019 17:53:17 +0100 > The following patchset contains Netfilter fixes for net: > > 1) Out-of-bound access to packet data from the snmp nat helper, >from Jann Horn. > > 2) ICMP(v6) error packets are set as related traffic by conntrack, >update pr

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains Netfilter fixes for net: 1) Out-of-bound access to packet data from the snmp nat helper, from Jann Horn. 2) ICMP(v6) error packets are set as related traffic by conntrack, update protocol number before calling nf_nat_ipv4_manip_pkt() to use ICMP

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Wed, 1 Nov 2017 19:48:10 +0100 > The following patchset contains two one-liner fixes for your net tree, > they are: > > 1) Disable fast hash operations for 2-bytes length keys which is leading >to incorrect lookups in nf_tables, from Anatole Denis. > > 2) Relo

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains two one-liner fixes for your net tree, they are: 1) Disable fast hash operations for 2-bytes length keys which is leading to incorrect lookups in nf_tables, from Anatole Denis. 2) Reload pointer ipv4 header after ip_route_me_harder() given this may

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Wed, 20 Sep 2017 12:49:01 +0200 > The following patchset contains two Netfilter fixes for your net tree, > they are: > > 1) Fix NAt compilation with UP, from Geert Uytterhoeven. > > 2) Fix incorrect number of entries when dumping a set, from >Vishwanath Pai. P

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains two Netfilter fixes for your net tree, they are: 1) Fix NAt compilation with UP, from Geert Uytterhoeven. 2) Fix incorrect number of entries when dumping a set, from Vishwanath Pai. You can pull these changes from: git://git.kernel.org/pub/scm/lin

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Thu, 6 Jul 2017 14:54:23 +0200 > The following patchset contains two Netfilter fixes for your net tree, > they are: > > 1) Fix memleak from netns release path of conntrack protocol trackers, >patch from Liping Zhang. > > 2) Uninitialized flags field in ebt_log

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains two Netfilter fixes for your net tree, they are: 1) Fix memleak from netns release path of conntrack protocol trackers, patch from Liping Zhang. 2) Uninitialized flags field in ebt_log, that results in unpredictable logging format in ebtables, also

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Tue, 22 Dec 2015 18:53:15 +0100 > The following patchset contains two netfilter fixes: > > 1) Oneliner from Florian to dump missing NFT_CT_L3PROTOCOL netlink >attribute, from Florian Westphal. > > 2) Another oneliner for nf_tables to use skb->protocol from the

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains two netfilter fixes: 1) Oneliner from Florian to dump missing NFT_CT_L3PROTOCOL netlink attribute, from Florian Westphal. 2) Another oneliner for nf_tables to use skb->protocol from the new netdev family, we can't assume ethernet there. You can pu

Re: [PATCH 0/2] Netfilter fixes for net

From: Pablo Neira Ayuso Date: Mon, 27 Apr 2015 20:41:55 +0200 > The following patchset contains Netfilter fixes for your net tree, > they are: > > 1) Fix a crash in nf_tables when dictionaries are used from the ruleset, >due to memory corruption, from Florian Westphal. > > 2) Fix another cr

[PATCH 0/2] Netfilter fixes for net

Hi David, The following patchset contains Netfilter fixes for your net tree, they are: 1) Fix a crash in nf_tables when dictionaries are used from the ruleset, due to memory corruption, from Florian Westphal. 2) Fix another crash in nf_queue when used with br_netfilter. Also from Florian.