archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 08:24:47 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/include/net/netfilter
History
Jakub Kicinski 792aaea994 netfilter pull request nf-next-26-02-06 
-----BEGIN PGP SIGNATURE-----
 
 iQJdBAABCABHFiEEgKkgxbID4Gn1hq6fcJGo2a1f9gAFAmmGB20bFIAAAAAABAAO
 bWFudTIsMi41KzEuMTEsMiwyDRxmd0BzdHJsZW4uZGUACgkQcJGo2a1f9gC/tQ/7
 B7/akiCP/QeGF7go78PZQlpIGmjtoCOcQ9uxymlmpLkArepcIEkgZ04tFH0FClY6
 d3QPfT9iNap222aCQxZwCiaWrXqUNynW7RwH72SkqGmO8JTLKlzW8CQC+yGkyznj
 FxwRKzB8XO5Ohtw0wED3mzcf9DelsvJpX5rCU5gEjsHZjKA/rEwYgovyM+es+xSx
 JbHHc2tzLQuDZ1BL7rEW8TJDxmJ2bCsFJHKeIvykk3D2nVg01P0AwhUeIy+7ObV7
 bQh7B8DhYwKNLtgZvDi8D6o4nWQvkjfF5BadrWusumDCtIupcwbelpcUeCsUWBqC
 oCjLMcH7TwmT513RXWMId50z93FWciduCHUGrQt4BxLBZmkQ9kE0iamZVIAAzLl8
 VYIM9qb+nUk58jnLFl3xTqW2GetSj/p31bp6e78+SQFvqjie2z9/I+nGBr7A8aAB
 bNd5vpvHSEg5OP7oKk+Dhr26MiCDowtuzvdC4lYR+loFYoI+a1FS6a1w/kcw9/VA
 XmR6Y8is+CTy4XYTQZ4klYTVpoTkWa/D/t1CTC4IlELzYS49L6qSyef6m91IWeQ6
 Way5+3ZON7sA6SM1PZ/zjsKDxYLo/hQz2+dw6YLVflfY62khvuK2Yc56MQcZEjsH
 7x0b3MaKvNn9yqKC+Mk7QZ55nCjV3wyGp3GQ+ClAqZ4=
 =wU6p
 -----END PGP SIGNATURE-----

Merge tag 'nf-next-26-02-06' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next

Florian Westphal says:

====================
netfilter: updates for net-next

The following patchset contains Netfilter updates for *net-next*:

1) Fix net-next-only use-after-free bug in nf_tables rbtree set:
   Expired elements cannot be released right away after unlink anymore
   because there is no guarantee that the binary-search blob is going to
   be updated.  Spotted by syzkaller.

2) Fix esoteric bug in nf_queue with udp fraglist gro, broken since
   6.11. Patch 3 adds extends the nfqueue selftest for this.

4) Use dedicated slab for flowtable entries, currently the -512 cache
   is used, which is wasteful.  From Qingfang Deng.

5) Recent net-next update extended existing test for ip6ip6 tunnels, add
   the required /config entry.  Test still passed by accident because the
   previous tests network setup gets re-used, so also update the test so
   it will fail in case the ip6ip6 tunnel interface cannot be added.

6) Fix 'nft get element mytable myset { 1.2.3.4 }' on big endian
   platforms, this was broken since code was added in v5.1.

7) Fix nf_tables counter reset support on 32bit platforms, where counter
   reset may cause huge values to appear due to wraparound.
   Broken since reset feature was added in v6.11.  From Anders Grahn.

8-11) update nf_tables rbtree set type to detect partial
   operlaps.  This will eventually speed up nftables userspace: at this
   time userspace does a netlink dump of the set content which slows down
   incremental updates on interval sets.  From Pablo Neira Ayuso.

* tag 'nf-next-26-02-06' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next:
  netfilter: nft_set_rbtree: validate open interval overlap
  netfilter: nft_set_rbtree: validate element belonging to interval
  netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
  netfilter: nft_set_rbtree: fix bogus EEXIST with NLM_F_CREATE with null interval
  netfilter: nft_counter: fix reset of counters on 32bit archs
  netfilter: nft_set_hash: fix get operation on big endian
  selftests: netfilter: add IPV6_TUNNEL to config
  netfilter: flowtable: dedicated slab for flow entry
  selftests: netfilter: nft_queue.sh: add udp fraglist gro test case
  netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation
  netfilter: nft_set_rbtree: don't gc elements on insert
====================

Link: https://patch.msgid.link/20260206153048.17570-1-fw@strlen.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-02-10 20:25:38 -08:00
..
ipv4 netfilter: nf_reject: remove unneeded exports 2025-09-02 15:28:17 +02:00
ipv6 netfilter: nf_reject: remove unneeded exports 2025-09-02 15:28:17 +02:00
br_netfilter.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_bpf_link.h bpf: minimal support for programs hooked into netfilter framework 2023-04-21 11:34:14 -07:00
nf_conntrack.h netfilter: nf_conntrack: don't rely on implicit includes 2026-01-20 16:23:37 +01:00
nf_conntrack_acct.h netfilter: conntrack: Remove unused function declarations 2023-08-08 13:02:00 +02:00
nf_conntrack_act_ct.h net/sched: act_ct: Always fill offloading tuple iifidx 2023-11-08 17:47:08 -08:00
nf_conntrack_bpf.h net: netfilter: move bpf_ct_set_nat_info kfunc in nf_nat_bpf.c 2022-10-03 09:17:32 -07:00
nf_conntrack_bridge.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_conntrack_core.h netfilter: conntrack: fix wrong ct->timeout value 2023-04-19 12:08:38 +02:00
nf_conntrack_count.h netfilter: nf_conncount: increase the connection clean up limit to 64 2026-01-20 16:23:37 +01:00
nf_conntrack_ecache.h netfilter: conntrack: add conntrack event timestamp 2025-01-09 14:42:16 +01:00
nf_conntrack_expect.h netfilter: allow exp not to be removed in nf_ct_find_expectation 2023-07-20 10:06:36 +02:00
nf_conntrack_extend.h netfilter: extensions: introduce extension genid count 2022-05-13 18:52:16 +02:00
nf_conntrack_helper.h netfilter: helper: Remove unused function declarations 2023-08-08 13:01:59 +02:00
nf_conntrack_l4proto.h netfilter: fix typo in nf_conntrack_l4proto.h comment 2025-10-30 12:52:45 +01:00
nf_conntrack_labels.h netfilter: conntrack: switch connlabels to atomic_t 2023-10-24 13:16:30 +02:00
nf_conntrack_seqadj.h netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_synproxy.h netfilter: conntrack: wrap two inline functions in config checks. 2019-09-13 12:47:10 +02:00
nf_conntrack_timeout.h netfilter: nf_conntrack: add missing __rcu annotations 2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.h netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_tuple.h netfilter: don't include xt and nftables.h in unrelated subsystems 2026-01-20 16:23:37 +01:00
nf_conntrack_zones.h netfilter: conntrack: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h. 2019-09-13 12:47:41 +02:00
nf_dup_netdev.h netfilter: nft_{fwd,dup}_netdev: add offload support 2019-09-10 22:44:29 +02:00
nf_flow_table.h netfilter: flowtable: Add IPIP rx sw acceleration 2025-11-28 00:00:38 +00:00
nf_hooks_lwtunnel.h sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
nf_log.h netfilter: load nf_log_syslog on enabling nf_conntrack_log_invalid 2025-07-25 18:35:41 +02:00
nf_nat.h net: move the nat function to nf_nat_ovs for ovs and tc 2022-12-12 10:14:03 +00:00
nf_nat_helper.h netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_masquerade.h netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_nat_redirect.h netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-03-22 21:48:59 +01:00
nf_queue.h netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation 2026-02-06 13:34:55 +01:00
nf_reject.h netfilter: conntrack: remove DCCP protocol support 2025-07-03 13:51:39 +02:00
nf_socket.h
nf_synproxy.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_tables.h netfilter: nft_set_rbtree: validate open interval overlap 2026-02-06 13:36:07 +01:00
nf_tables_core.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-09-11 17:40:13 -07:00
nf_tables_ipv4.h netfilter: nf_tables: restore IP sanity checks for netdev/egress 2024-08-26 13:05:28 +02:00
nf_tables_ipv6.h net/ipv6: Introduce payload_len helpers 2026-02-06 20:50:03 -08:00
nf_tables_offload.h netfilter: nf_tables: bail out early if hardware offload is not supported 2022-06-06 19:19:15 +02:00
nf_tproxy.h net: reformat kdoc return statements 2024-12-09 14:44:59 -08:00
nft_fib.h netfilter: nf_tables: nft_fib: consistent l3mdev handling 2025-05-23 13:57:09 +02:00
nft_meta.h netfilter: nf_tables: drop unused 3rd argument from validate callback ops 2024-09-03 10:47:17 +02:00
nft_reject.h netfilter: nf_tables: drop unused 3rd argument from validate callback ops 2024-09-03 10:47:17 +02:00
xt_rateest.h net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types 2021-10-18 12:54:41 +01:00