From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org
Subject: [PATCH net 0/4] netfilter: updates for net
Date: Wed, 10 Dec 2025 12:07:50 +0100 [thread overview]
Message-ID: <20251210110754.22620-1-fw@strlen.de> (raw)
Hi,
The following patchset contains Netfilter fixes for *net*:
1) Fix refcount leaks in nf_conncount, from Fernando Fernandez Mancera.
This addresses a recent regression that came in the last -next
pull request.
2) Fix a null dereference in route error handling in IPVS, from Slavin
Liu. This is an ancient issue dating back to 5.1 days.
3) Always set ifindex in route tuple in the flowtable output path, from
Lorenzo Bianconi. This bug came in with the recent output path refactoring.
4) Prefer 'exit $ksft_xfail' over 'exit $ksft_skip' when we fail to
trigger a nat race condition to exercise the clash resolution path in
selftest infra, $ksft_skip should be reserved for missing tooling,
From myself.
Please, pull these changes from:
The following changes since commit 6bcb7727d9e612011b70d64a34401688b986d6ab:
Merge branch 'inet-frags-flush-pending-skbs-in-fqdir_pre_exit' (2025-12-10 01:15:33 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-25-12-10
for you to fetch changes up to b8a81b0ce539e021ac72825238aea1eb657000f0:
selftests: netfilter: prefer xfail in case race wasn't triggered (2025-12-10 11:55:59 +0100)
----------------------------------------------------------------
netfilter pull request nf-25-12-10
----------------------------------------------------------------
Fernando Fernandez Mancera (1):
netfilter: nf_conncount: fix leaked ct in error paths
Florian Westphal (1):
selftests: netfilter: prefer xfail in case race wasn't triggered
Lorenzo Bianconi (1):
netfilter: always set route tuple out ifindex
Slavin Liu (1):
ipvs: fix ipv4 null-ptr-deref in route error path
net/netfilter/ipvs/ip_vs_xmit.c | 3 +++
net/netfilter/nf_conncount.c | 25 ++++++++++++----------
net/netfilter/nf_flow_table_path.c | 4 +++-
.../selftests/net/netfilter/conntrack_clash.sh | 9 ++++----
4 files changed, 24 insertions(+), 17 deletions(-)
next reply other threads:[~2025-12-10 11:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-10 11:07 Florian Westphal [this message]
2025-12-10 11:07 ` [PATCH net 1/4] netfilter: nf_conncount: fix leaked ct in error paths Florian Westphal
2025-12-11 9:00 ` patchwork-bot+netdevbpf
2025-12-10 11:07 ` [PATCH net 2/4] ipvs: fix ipv4 null-ptr-deref in route error path Florian Westphal
2025-12-10 11:07 ` [PATCH net 3/4] netfilter: always set route tuple out ifindex Florian Westphal
2025-12-10 11:07 ` [PATCH net 4/4] selftests: netfilter: prefer xfail in case race wasn't triggered Florian Westphal
-- strict thread matches above, loose matches on Subject: below --
2025-10-08 12:59 [PATCH net 0/4] netfilter: updates for net Florian Westphal
2023-10-18 12:55 Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251210110754.22620-1-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).