From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>
Subject: [PATCH net 0/4] netfilter: updates for net
Date: Wed, 18 Oct 2023 14:55:56 +0200 [thread overview]
Message-ID: <20231018125605.27299-1-fw@strlen.de> (raw)
Hello,
This series contains fixes for your *net* tree.
First patch, from Phil Sutter, reduces number of audit notifications
when userspace requests to re-set stateful objects.
This change also comes with a selftest update.
Second patch, also from Phil, moves the nftables audit selftest
to its own netns to avoid interference with the init netns.
Third patch, from Pablo Neira, fixes an inconsistency with the "rbtree"
set backend: When set element X has expired, a request to delete element
X should fail (like with all other backends).
Finally, patch four, also from Pablo, reverts a recent attempt to speed
up abort of a large pending update with the "pipapo" set backend.
It could cause stray references to remain in the set, which then
results in a double-free.
The following changes since commit 2915240eddba96b37de4c7e9a3d0ac6f9548454b:
neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (2023-10-18 11:16:43 +0100)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-23-10-18
for you to fetch changes up to f86fb94011aeb3b26337fc22204ca726aeb8bc24:
netfilter: nf_tables: revert do not remove elements if set backend implements .abort (2023-10-18 13:47:32 +0200)
----------------------------------------------------------------
netfilter pr 2023-18-10
----------------------------------------------------------------
Pablo Neira Ayuso (2):
netfilter: nft_set_rbtree: .deactivate fails if element has expired
netfilter: nf_tables: revert do not remove elements if set backend implements .abort
Phil Sutter (2):
netfilter: nf_tables: audit log object reset once per table
selftests: netfilter: Run nft_audit.sh in its own netns
net/netfilter/nf_tables_api.c | 55 ++++++++++++++------------
net/netfilter/nft_set_rbtree.c | 2 +
tools/testing/selftests/netfilter/nft_audit.sh | 52 ++++++++++++++++++++++++
3 files changed, 83 insertions(+), 26 deletions(-)
next reply other threads:[~2023-10-18 12:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-18 12:55 Florian Westphal [this message]
2023-10-18 12:55 ` [PATCH net 1/4] netfilter: nf_tables: audit log object reset once per table Florian Westphal
2023-10-19 1:20 ` patchwork-bot+netdevbpf
2023-10-18 12:55 ` [PATCH net 2/4] selftests: netfilter: Run nft_audit.sh in its own netns Florian Westphal
2023-10-18 12:55 ` [PATCH net 3/4] netfilter: nft_set_rbtree: .deactivate fails if element has expired Florian Westphal
2023-10-18 12:56 ` [PATCH net 4/4] netfilter: nf_tables: revert do not remove elements if set backend implements .abort Florian Westphal
-- strict thread matches above, loose matches on Subject: below --
2025-10-08 12:59 [PATCH net 0/4] netfilter: updates for net Florian Westphal
2025-12-10 11:07 Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231018125605.27299-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).