From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
pabeni@redhat.com, edumazet@google.com
Subject: [PATCH net 0/2] Netfilter fixes for net
Date: Thu, 20 Apr 2023 19:06:55 +0200 [thread overview]
Message-ID: <20230420170657.45373-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains late Netfilter fixes for net:
1) Set on IPS_CONFIRMED before change_status() otherwise EBUSY is
bogusly hit. This bug was introduced in the 6.3 release cycle.
2) Fix nfnetlink_queue conntrack support: Set/dump timeout
accordingly for unconfirmed conntrack entries. Make sure this
is done after IPS_CONFIRMED is set on. This is an old bug, it
happens since the introduction of this feature.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git
Thanks.
----------------------------------------------------------------
The following changes since commit 92e8c732d8518588ac34b4cb3feaf37d2cb87555:
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf (2023-04-18 20:46:31 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD
for you to fetch changes up to 73db1b8f2bb6725b7391e85aab41fdf592b3c0c1:
netfilter: conntrack: fix wrong ct->timeout value (2023-04-19 12:08:38 +0200)
----------------------------------------------------------------
Pablo Neira Ayuso (1):
netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert()
Tzung-Bi Shih (1):
netfilter: conntrack: fix wrong ct->timeout value
include/net/netfilter/nf_conntrack_core.h | 6 +++++-
net/netfilter/nf_conntrack_bpf.c | 1 +
net/netfilter/nf_conntrack_core.c | 1 -
net/netfilter/nf_conntrack_netlink.c | 16 ++++++++++++----
4 files changed, 18 insertions(+), 6 deletions(-)
next reply other threads:[~2023-04-20 17:07 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 17:06 Pablo Neira Ayuso [this message]
2023-04-20 17:06 ` [PATCH net 1/2] netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert() Pablo Neira Ayuso
2023-04-20 17:06 ` [PATCH net 2/2] netfilter: conntrack: fix wrong ct->timeout value Pablo Neira Ayuso
2023-04-21 3:25 ` [PATCH net 0/2] Netfilter fixes for net Jakub Kicinski
-- strict thread matches above, loose matches on Subject: below --
2025-04-10 10:36 Pablo Neira Ayuso
2025-01-09 12:35 Pablo Neira Ayuso
2024-09-11 22:25 Pablo Neira Ayuso
2024-08-28 21:47 Pablo Neira Ayuso
2024-07-31 21:30 Pablo Neira Ayuso
2024-07-11 9:39 Pablo Neira Ayuso
2024-06-26 23:38 Pablo Neira Ayuso
2024-01-03 11:29 Pablo Neira Ayuso
2023-12-22 10:42 Pablo Neira Ayuso
2023-12-22 10:49 ` Pablo Neira Ayuso
2023-12-22 10:53 ` Pablo Neira Ayuso
2023-12-20 15:15 Pablo Neira Ayuso
2023-10-25 10:08 Pablo Neira Ayuso
2023-04-21 10:56 Pablo Neira Ayuso
2023-01-31 13:31 Pablo Neira Ayuso
2023-01-23 21:15 Pablo Neira Ayuso
2022-11-18 14:29 Pablo Neira Ayuso
2022-10-19 6:52 Pablo Neira Ayuso
2022-07-02 19:10 Pablo Neira Ayuso
2022-05-26 20:54 Pablo Neira Ayuso
2022-04-12 9:42 Pablo Neira Ayuso
2022-04-05 10:09 Pablo Neira Ayuso
2021-06-02 12:44 Pablo Neira Ayuso
2021-02-09 21:35 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230420170657.45373-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).