From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB67FECAAD5 for ; Thu, 8 Sep 2022 09:58:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229547AbiIHJ6d (ORCPT ); Thu, 8 Sep 2022 05:58:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229510AbiIHJ6c (ORCPT ); Thu, 8 Sep 2022 05:58:32 -0400 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:12e:520::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7AE36B2742; Thu, 8 Sep 2022 02:58:29 -0700 (PDT) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1oWEIg-0002vX-Kf; Thu, 08 Sep 2022 11:58:22 +0200 From: Florian Westphal To: Cc: Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , , Florian Westphal Subject: [PATCH net 0/4] netfilter: bugfixes for net Date: Thu, 8 Sep 2022 11:57:53 +0200 Message-Id: <20220908095757.1755-1-fw@strlen.de> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Hello, The following set contains four netfilter patches for your *net* tree. When there are multiple Contact headers in a SIP message its possible the next headers won't be found because the SIP helper confuses relative and absolute offsets in the message. From Igor Ryzhov. Make the nft_concat_range self-test support socat, this makes the selftest pass on my test VM, from myself. nf_conntrack_irc helper can be tricked into opening a local port forward that the client never requested by embedding a DCC message in a PING request sent to the client. Fix from David Leadbeater. Both have been broken since the kernel 2.6.x days. The 'osf' match might indicate success while it could not find anything, broken since 5.2 . Fix from Pablo Neira. Please consider pulling these changes from git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git ---------------------------------------------------------------- The following changes since commit 0f51fa2a3ca19783e7817a6be76661cd9136d057: Merge branch 'dsa-felix-fixes' (2022-09-07 13:44:04 +0100) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git for you to fetch changes up to 559c36c5a8d730c49ef805a72b213d3bba155cc8: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (2022-09-07 15:55:28 +0200) ---------------------------------------------------------------- David Leadbeater (1): netfilter: nf_conntrack_irc: Tighten matching on DCC message Florian Westphal (1): selftests: nft_concat_range: add socat support Igor Ryzhov (1): netfilter: nf_conntrack_sip: fix ct_sip_walk_headers Pablo Neira Ayuso (1): netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() net/netfilter/nf_conntrack_irc.c | 34 +++++++++-- net/netfilter/nf_conntrack_sip.c | 4 +- net/netfilter/nfnetlink_osf.c | 4 +- .../selftests/netfilter/nft_concat_range.sh | 65 ++++++++++++++++++---- 4 files changed, 86 insertions(+), 21 deletions(-)