[0/7] Netfilter fixes for net

Message ID	20200324223220.12119-1-pablo@netfilter.org
State	New
Headers	show Return-Path: <SRS0=Mtop=5J=vger.kernel.org=netdev-owner@kernel.org> sender: pneira@us.es) by entrada.int (Postfix) with ESMTPA id 57D9042EF42C; Tue, 24 Mar 2020 23:31:47 +0100 (CET) From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: davem@davemloft.net, netdev@vger.kernel.org Subject: [PATCH 0/7] Netfilter fixes for net Date: Tue, 24 Mar 2020 23:32:13 +0100 Message-Id: <20200324223220.12119-1-pablo@netfilter.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

20200324223220.12119-1-pablo@netfilter.org

State

New

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/7] Netfilter fixes for net
Date: Tue, 24 Mar 2020 23:32:13 +0100
Message-Id: <20200324223220.12119-1-pablo@netfilter.org>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Message

Pablo Neira Ayuso March 24, 2020, 10:32 p.m. UTC

Hi,

The following patchset contains Netfilter fixes for net:

1) A new selftest for nf_queue, from Florian Westphal. This test
   covers two recent fixes: 07f8e4d0fddb ("tcp: also NULL skb->dev
   when copy was needed") and b738a185beaa ("tcp: ensure skb->dev is
   NULL before leaving TCP stack").

2) The fwd action breaks with ifb. For safety in next extensions,
   make sure the fwd action only runs from ingress until it is extended
   to be used from a different hook.

3) The pipapo set type now reports EEXIST in case of subrange overlaps.
   Update the rbtree set to validate range overlaps, so far this
   validation is only done only from userspace. From Stefano Brivio.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thank you.

----------------------------------------------------------------

The following changes since commit 749f6f6843115b424680f1aada3c0dd613ad807c:

  net: phy: dp83867: w/a for fld detect threshold bootstrapping issue (2020-03-21 20:09:57 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to a64d558d8cf98424cc5eb9ae6631782cd8bf789c:

  selftests: netfilter: add nfqueue test case (2020-03-24 20:00:12 +0100)

----------------------------------------------------------------
Florian Westphal (1):
      selftests: netfilter: add nfqueue test case

Pablo Neira Ayuso (3):
      netfilter: nf_tables: Allow set back-ends to report partial overlaps on insertion
      netfilter: nft_fwd_netdev: validate family and chain type
      netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress

Stefano Brivio (3):
      netfilter: nft_set_pipapo: Separate partial and complete overlap cases on insertion
      netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
      netfilter: nft_set_rbtree: Detect partial overlaps on insertion

 net/netfilter/nf_tables_api.c                  |   5 +
 net/netfilter/nft_fwd_netdev.c                 |  13 +
 net/netfilter/nft_set_pipapo.c                 |  34 ++-
 net/netfilter/nft_set_rbtree.c                 |  87 +++++-
 tools/testing/selftests/netfilter/Makefile     |   6 +-
 tools/testing/selftests/netfilter/config       |   6 +
 tools/testing/selftests/netfilter/nf-queue.c   | 352 +++++++++++++++++++++++++
 tools/testing/selftests/netfilter/nft_queue.sh | 332 +++++++++++++++++++++++
 8 files changed, 818 insertions(+), 17 deletions(-)
 create mode 100644 tools/testing/selftests/netfilter/nf-queue.c
 create mode 100755 tools/testing/selftests/netfilter/nft_queue.sh

[0/7] Netfilter fixes for net

Pull-request

Message