From: Florian Westphal <fw@strlen.de>
To: Alakesh Haloi <alakeshh@amazon.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Greg KH <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Florian Westphal <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH] netfilter: xt_connlimit: fix race in connection counting
Date: Wed, 21 Nov 2018 01:51:31 +0100 [thread overview]
Message-ID: <20181121005131.eux4kzzmexij4qwt@breakpoint.cc> (raw)
In-Reply-To: <20181121002149.GA120849@dev-dsk-alakeshh-2c-f8a3e6e0.us-west-2.amazon.com>
Alakesh Haloi <alakeshh@amazon.com> wrote:
> Thanks Greg and Pablo for your suggestions! We found this issue on 4.14
> stable kernel and hence the fix is based on 4.14. The xt_connlimit module
> source seemed to have been refactored. At one point I tested 4.18-rc1 and
> the issue was still present. However I have not tested the most recent
> one. I will follow your suggestions and try to reproduce the issue in
> master branch of nf.git tree and in linus's tree and if i cannot reproduce
> it then I will go ahead and pick the relevant patches for backporting.
> This patch fixes the issue without bringing in any refactor patches. But
> that is probably not the right way to go for it.
Actually it might be needed, the changes in upstream are pretty invasive.
So, in case you can reproduce this with nf.git or linus tree it would
be great if you could send a fix for nf.git.
But In case you can't reproduce, its possible your patch is still needed
for stable.
next prev parent reply other threads:[~2018-11-21 11:23 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 22:17 [PATCH] netfilter: xt_connlimit: fix race in connection counting Alakesh Haloi
2018-11-20 7:48 ` Greg KH
2018-11-20 9:44 ` Pablo Neira Ayuso
2018-11-21 0:21 ` Alakesh Haloi
2018-11-21 0:51 ` Florian Westphal [this message]
2018-11-27 22:22 ` Alakesh Haloi
2018-11-27 22:38 ` Florian Westphal
2018-11-28 23:33 ` Alakesh Haloi
2018-11-29 0:28 ` Florian Westphal
2018-12-07 0:49 ` Alakesh Haloi
2019-01-03 0:01 ` Alakesh Haloi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181121005131.eux4kzzmexij4qwt@breakpoint.cc \
--to=fw@strlen.de \
--cc=alakeshh@amazon.com \
--cc=davem@davemloft.net \
--cc=gregkh@linuxfoundation.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox