Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-17 18:36:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/include
History
Paolo Abeni b611b776a9 netfilter pull request 24-02-29 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmXfx4MACgkQ1V2XiooU
 IOSX+g//UHBfqYJASMMQJpWdMwWe7tB2m1LRzLYI+WUdUenK/MEylS7rNp/bwGkW
 42eDeGA0eov7kYNOY0rLB7lQBdUHwCpNZkdetTWFV9eHcEKA8cQ6OqcD1G8i41qg
 sCvObS+K/hq3f7fX9bJ9RvS5RvYoeuS1trw4mezhHwPS+1sj80v4FdqDOFCUqiT3
 65BfeoV65pVVteCRmJQxeeZ4Bepd4LRXW+VVyr3uXli/H87jqQOFxsOTqyXNEXIq
 jMYL0jnbYs0ARbNYXRYySLYQCWmbVXpfnt4JIBRP0S1e6Prby2hqUwJBeyNcXBAu
 CwBTjCEdLIV5G25EWTZWBYQdihct58s0GDRX078Sj/AozQJAWTxBEn0QLhKy2gvH
 2uspA0S2z1PS69hUvHfgGjDiBKw41T2O6D/12NBxI1DOYDLsk7ApE5tKqynUnUIj
 pOLUiolFnJd4JKnGZ/CTATpGi8KX/iSWdX8OElCpGOvKQgZyU8IXrydjcHnJz7b4
 AdsIfpjjZSdz2VU6ZmzLYJrWf6ukAchO5kYL2FIJt/eFEyGqDfwGL36FIO7YGcnu
 NPHtIF23Ldl+GIesc9UT08k+IOsfR9LMbUduJC6Dg63FDrEkFfOv+wXA1eURW3kS
 tq+eWs+QjlCeWG9FgW2NHj3+rGyjQbGOe+v1yTgl1x/BhXNV1cM=
 =2BRo
 -----END PGP SIGNATURE-----

Merge tag 'nf-24-02-29' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

Patch #1 restores NFPROTO_INET with nft_compat, from Ignat Korchagin.

Patch #2 fixes an issue with bridge netfilter and broadcast/multicast
packets.

There is a day 0 bug in br_netfilter when used with connection tracking.

Conntrack assumes that an nf_conn structure that is not yet added to
hash table ("unconfirmed"), is only visible by the current cpu that is
processing the sk_buff.

For bridge this isn't true, sk_buff can get cloned in between, and
clones can be processed in parallel on different cpu.

This patch disables NAT and conntrack helpers for multicast packets.

Patch #3 adds a selftest to cover for the br_netfilter bug.

netfilter pull request 24-02-29

* tag 'nf-24-02-29' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  selftests: netfilter: add bridge conntrack + multicast test case
  netfilter: bridge: confirm multicast packets before passing them up the stack
  netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
====================

Link: https://lore.kernel.org/r/20240229000135.8780-1-pablo@netfilter.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-02-29 12:16:08 +01:00
..
acpi
IOMMU Updates for Linux v6.8
2024-01-18 15:16:57 -08:00
asm-generic
RISC-V Patches for the 6.8 Merge Window, Part 4
2024-01-20 11:06:04 -08:00
clocksource
crypto
crypto: skcipher - remove excess kerneldoc members
2023-12-29 11:25:56 +08:00
drm
drm-next for 6.8:
2024-01-12 11:32:19 -08:00
dt-bindings
dmaengine fixes for v6.8-rc1
2024-01-20 15:03:25 -08:00
keys
kunit
Networking changes for 6.8.
2024-01-11 10:07:29 -08:00
kvm
linux
netfilter pull request 24-02-29
2024-02-29 12:16:08 +01:00
math-emu
media
memory
misc
net
net: mctp: take ownership of skb in mctp_local_output
2024-02-22 19:21:11 -08:00
pcmcia
ras
rdma
rv
scsi
soc
- New Device Support
2024-01-17 15:21:21 -08:00
sound
ASoC: tas2781: add module parameter to tascodec_init()
2024-02-05 14:31:37 +00:00
target
trace
Including fixes from WiFi and netfilter.
2024-02-08 15:09:29 -08:00
uapi
uapi: in6: replace temporary label with rfc9486
2024-02-27 18:22:49 -08:00
ufs
vdso
video
video/sticore: Remove info field from STI struct
2024-01-12 12:38:37 +01:00
xen
xen: update PV-device interface headers
2024-01-09 11:46:24 +01:00