All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft] tests: py: must use input, not output
Date: Tue, 7 Oct 2025 13:08:55 +0200	[thread overview]
Message-ID: <aOT0xy0PhC_vbIIN@calendula> (raw)
In-Reply-To: <20251007104852.3892-1-fw@strlen.de>

On Tue, Oct 07, 2025 at 12:48:49PM +0200, Florian Westphal wrote:
> synproxy must never be used in output rules, doing so results in kernel
> crash due to infinite recursive calls back to nf_hook_slow() for the
> emitted reply packet.
> 
> Up until recently kernel lacked this validation, and now that the kernel
> rejects this the test fails.  Use input to make this pass again.
> 
> A new test to ensure we reject synproxy in ouput should be added
> in the near future.
> 
> Signed-off-by: Florian Westphal <fw@strlen.de>

Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

Thanks.

  reply	other threads:[~2025-10-07 11:08 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-07 10:48 [PATCH nft] tests: py: must use input, not output Florian Westphal
2025-10-07 11:08 ` Pablo Neira Ayuso [this message]
2025-10-07 11:33 ` Fernando Fernandez Mancera

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=aOT0xy0PhC_vbIIN@calendula \
    --to=pablo@netfilter.org \
    --cc=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.