From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/9] Netfilter/IPVS fixes for net
Date: Fri, 8 Sep 2017 19:45:39 +0200 [thread overview]
Message-ID: <1504892748-1605-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains Netfilter/IPVS fixes for your net tree,
they are:
1) Fix SCTP connection setup when IPVS module is loaded and any scheduler
is registered, from Xin Long.
2) Don't create a SCTP connection from SCTP ABORT packets, also from
Xin Long.
3) WARN_ON() and drop packet, instead of BUG_ON() races when calling
nf_nat_setup_info(). This is specifically a longstanding problem
when br_netfilter with conntrack support is in place, patch from
Florian Westphal.
4) Avoid softlock splats via iptables-restore, also from Florian.
5) Revert NAT hashtable conversion to rhashtable, semantics of rhlist
are different from our simple NAT hashtable, this has been causing
problems in the recent Linux kernel releases. From Florian.
6) Add per-bucket spinlock for NAT hashtable, so at least we restore
one of the benefits we got from the previous rhashtable conversion.
7) Fix incorrect hashtable size in memory allocation in xt_hashlimit,
from Zhizhou Tian.
8) Fix build/link problems with hashlimit and 32-bit arches, to address
recent fallout from a new hashlimit mode, from Vishwanath Pai.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 8e0deed92406d93ae0365cb8a6134db5721e7aca:
tipc: remove unnecessary call to dev_net() (2017-09-06 21:25:52 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD
for you to fetch changes up to 90c4ae4e2c1da9f1eaf846136861af43d4c1ff34:
netfilter: xt_hashlimit: fix build error caused by 64bit division (2017-09-08 18:55:53 +0200)
----------------------------------------------------------------
Florian Westphal (5):
netfilter: nf_nat: don't bug when mapping already exists
netfilter: xtables: add scheduling opportunity in get_counters
netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable"
netfilter: nat: use keyed locks
netfilter: core: remove erroneous warn_on
Vishwanath Pai (1):
netfilter: xt_hashlimit: fix build error caused by 64bit division
Xin Long (2):
netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet
netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule
Zhizhou Tian (1):
netfilter: xt_hashlimit: alloc hashtable with right size
include/net/netfilter/nf_conntrack.h | 3 +-
include/net/netfilter/nf_nat.h | 1 -
net/ipv4/netfilter/arp_tables.c | 1 +
net/ipv4/netfilter/ip_tables.c | 1 +
net/ipv6/netfilter/ip6_tables.c | 1 +
net/netfilter/core.c | 2 +-
net/netfilter/ipvs/ip_vs_proto_sctp.c | 8 +-
net/netfilter/nf_nat_core.c | 146 ++++++++++++++++------------------
net/netfilter/xt_hashlimit.c | 16 ++--
9 files changed, 88 insertions(+), 91 deletions(-)
next reply other threads:[~2017-09-08 17:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-08 17:45 Pablo Neira Ayuso [this message]
2017-09-08 17:45 ` [PATCH 1/9] netfilter: ipvs: fix the issue that sctp_conn_schedule drops non-INIT packet Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 2/9] netfilter: ipvs: do not create conn for ABORT packet in sctp_conn_schedule Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 3/9] netfilter: nf_nat: don't bug when mapping already exists Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 4/9] netfilter: xtables: add scheduling opportunity in get_counters Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 5/9] netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 6/9] netfilter: nat: use keyed locks Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 7/9] netfilter: core: remove erroneous warn_on Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 8/9] netfilter: xt_hashlimit: alloc hashtable with right size Pablo Neira Ayuso
2017-09-08 17:45 ` [PATCH 9/9] netfilter: xt_hashlimit: fix build error caused by 64bit division Pablo Neira Ayuso
2017-09-08 18:36 ` [PATCH 0/9] Netfilter/IPVS fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2018-05-28 23:42 Pablo Neira Ayuso
2018-05-29 2:39 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1504892748-1605-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).