From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org
Subject: [PATCH net 0/6] netfilter: updates for net
Date: Tue, 16 Dec 2025 20:08:58 +0100 [thread overview]
Message-ID: <20251216190904.14507-1-fw@strlen.de> (raw)
Hi,
The following patchset contains Netfilter fixes for *net*:
1) Jozsef Kadlecsik is retiring. Fortunately Jozsef will still keep an
eye on ipset patches.
2) remove a bogus direction check from nat core, this caused spurious
flakes in the 'reverse clash' selftest, from myself.
3) nf_tables doesn't need to do chain validation on register store,
from Pablo Neira Ayuso.
4) nf_tables shouldn't revisit chains during ruleset (graph) validation
if possible. Both 3 and 4 were slated for -next initially but there
are now two independent reports of people hitting soft lockup errors
during ruleset validation, so it makes no sense anymore to route
this via -next given this is -stable material. From myself.
5) call cond_resched() in a more frequently visited place during nf_tables
chain validation, this wasn't possible earlier due to rcu read lock,
but nowadays its not held anymore during set walks.
6) Don't fail conntrack packetdrill test with HZ=100 kernels.
Please, pull these changes from:
The following changes since commit 885bebac9909994050bbbeed0829c727e42bd1b7:
nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (2025-12-11 01:40:00 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-25-12-16
for you to fetch changes up to fec7b0795548b43e2c3c46e3143c34ef6070341c:
selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel (2025-12-15 15:04:04 +0100)
----------------------------------------------------------------
netfilter pull request nf-25-12-16
----------------------------------------------------------------
Florian Westphal (4):
netfilter: nf_nat: remove bogus direction check
netfilter: nf_tables: avoid chain re-validation if possible
netfilter: nf_tables: avoid softlockup warnings in nft_chain_validate
selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel
Jozsef Kadlecsik (1):
MAINTAINERS: Remove Jozsef Kadlecsik from MAINTAINERS file
Pablo Neira Ayuso (1):
netfilter: nf_tables: remove redundant chain validation on register store
CREDITS | 1 +
MAINTAINERS | 1 -
include/net/netfilter/nf_tables.h | 34 ++++++---
net/netfilter/nf_nat_core.c | 14 +---
net/netfilter/nf_tables_api.c | 84 +++++++++++++++++-----
.../net/netfilter/conntrack_reverse_clash.c | 13 ++--
.../net/netfilter/conntrack_reverse_clash.sh | 2 +
.../packetdrill/conntrack_syn_challenge_ack.pkt | 2 +-
8 files changed, 107 insertions(+), 44 deletions(-)
# WARNING: skip 0001-MAINTAINERS-Remove-Jozsef-Kadlecsik-from-MAINTAINERS.patch, no "Fixes" tag!
# INFO: 0002-netfilter-nf_nat-remove-bogus-direction-check.patch fixes commit from v6.12-rc1~38^2^2~13
# INFO: 0003-netfilter-nf_tables-remove-redundant-chain-validatio.patch fixes commit from v4.18-rc1~114^2~78^2~5
# WARNING: skip 0004-netfilter-nf_tables-avoid-chain-re-validation-if-pos.patch, no "Fixes" tag!
next reply other threads:[~2025-12-16 19:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-16 19:08 Florian Westphal [this message]
2025-12-16 19:08 ` [PATCH net 1/6] MAINTAINERS: Remove Jozsef Kadlecsik from MAINTAINERS file Florian Westphal
2025-12-18 13:10 ` patchwork-bot+netdevbpf
2025-12-16 19:09 ` [PATCH net 2/6] netfilter: nf_nat: remove bogus direction check Florian Westphal
2025-12-16 19:09 ` [PATCH net 3/6] netfilter: nf_tables: remove redundant chain validation on register store Florian Westphal
2025-12-16 19:09 ` [PATCH net 4/6] netfilter: nf_tables: avoid chain re-validation if possible Florian Westphal
2025-12-16 19:09 ` [PATCH net 5/6] netfilter: nf_tables: avoid softlockup warnings in nft_chain_validate Florian Westphal
2025-12-16 19:09 ` [PATCH net 6/6] selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel Florian Westphal
2025-12-19 8:50 ` [PATCH net 0/6] netfilter: updates for net Paolo Abeni
-- strict thread matches above, loose matches on Subject: below --
2026-01-02 11:41 Florian Westphal
2023-09-06 16:25 [PATCH net 0/6] netfilter " Florian Westphal
2023-08-23 15:26 Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251216190904.14507-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).