From: Florian Westphal <fw@strlen.de>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com,
edumazet@google.com, horms@kernel.org
Subject: Re: [PATCH net,v2 00/11] Netfilter/IPVS fixes for net
Date: Thu, 16 Apr 2026 23:16:39 +0200 [thread overview]
Message-ID: <aeFRt__YQqJ84ZaN@strlen.de> (raw)
In-Reply-To: <20260416131453.308611-1-pablo@netfilter.org>
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> v2: Keep back patches that have lengthy feedback by AI, they might
> need more work.
sashiko findings response:
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 01/11] netfilter: arp_tables: fix IEEE1394 ARP payload parsing in arp_packet_match()
yes, arpt_mangle.c has same bug pattern, will follow up.
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 02/11] netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 03/11] netfilter: nft_osf: restrict it to ipv4
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 04/11] netfilter: nfnetlink_osf: fix null-ptr-deref in nf_osf_ttl
yes, osf has more issues, I asked Fernando to investigate. Brief glance
the reports are accurate but these are NOT new issues added by these 3
fixes.
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 07/11] netfilter: nat: use kfree_rcu to release ops
shashiko wants /kfree/kfree_rcu/ in error unwind path and I think we
should just do it. Its an error path so it makes no practical
difference. Also, with upcoming -next patch to dump the nat
hooks too it would be required.
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 11/11] netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
report is accurate BUT this issue is already known and not a regression
added here.
The fix for this bug was in v1 PR but it needs more work and will come
in a followup batch.
If you don't want to take this v2 because of above issues, please
consider at least applying
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 08/11] ipvs: fix MTU check for GSO packets in tunnel mode
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 09/11] netfilter: nf_tables: use list_del_rcu for netlink hooks
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 10/11] rculist: add list_splice_rcu() for private lists
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 05/11] netfilter: conntrack: remove sprintf usage
↳ [2026-04-16] Pablo Neira Ayuso <pablo@netfilter.org>: [PATCH net 06/11] netfilter: xtables: restrict several matches to inet family
manually. nf:main always tracks net:main, applying them manually
doesn't cause issues.
I hope we get shashiko to also digest netfilter-devel;
otherwise this situation will persist forever or can
dissolve nf-devel and spam netdev@ directly :-|
next prev parent reply other threads:[~2026-04-16 21:16 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-16 13:14 [PATCH net,v2 00/11] Netfilter/IPVS fixes for net Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 01/11] netfilter: arp_tables: fix IEEE1394 ARP payload parsing in arp_packet_match() Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 02/11] netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 03/11] netfilter: nft_osf: restrict it to ipv4 Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 04/11] netfilter: nfnetlink_osf: fix null-ptr-deref in nf_osf_ttl Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 05/11] netfilter: conntrack: remove sprintf usage Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 06/11] netfilter: xtables: restrict several matches to inet family Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 07/11] netfilter: nat: use kfree_rcu to release ops Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 08/11] ipvs: fix MTU check for GSO packets in tunnel mode Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 09/11] netfilter: nf_tables: use list_del_rcu for netlink hooks Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 10/11] rculist: add list_splice_rcu() for private lists Pablo Neira Ayuso
2026-04-16 13:14 ` [PATCH net 11/11] netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase Pablo Neira Ayuso
2026-04-16 21:16 ` Florian Westphal [this message]
2026-04-17 7:51 ` [PATCH net,v2 00/11] Netfilter/IPVS fixes for net Pablo Neira Ayuso
2026-04-17 9:16 ` Fernando Fernandez Mancera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeFRt__YQqJ84ZaN@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.