
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix UAF in set catch-all element, from Eric Dumazet.

2) Fix MAC mangling for multicast/loopback traffic in nfnetlink_queue
and nfnetlink_log, from Ignacy Gawędzki.

3) Remove expired entries from ctnetlink dump path regardless of the tuple
direction, from Florian Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

+9 -6
+3 -2
net/netfilter/nf_conntrack_netlink.c
··· 1195 1195 } 1196 1196 hlist_nulls_for_each_entry(h, n, &nf_conntrack_hash[cb->args[0]], 1197 1197 hnnode) { 1198 - if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL) 1199 - continue; 1200 1198 ct = nf_ct_tuplehash_to_ctrack(h); 1201 1199 if (nf_ct_is_expired(ct)) { 1202 1200 if (i < ARRAY_SIZE(nf_ct_evict) && ··· 1204 1206 } 1205 1207 1206 1208 if (!net_eq(net, nf_ct_net(ct))) 1209 + continue; 1210 + 1211 + if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL) 1207 1212 continue; 1208 1213 1209 1214 if (cb->args[1]) {
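Review bot: moving the `NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL` check below the `nf_ct_is_expired(ct)` block means the eviction path now sees both tuplehash entries of an expired conntrack (the ORIGINAL and REPLY hashes are both in `nf_conntrack_hash`), so the same `ct` can reach the `i < ARRAY_SIZE(nf_ct_evict)` branch twice in one bucket walk; the lines that actually fill `nf_ct_evict` are elided here, so please confirm that path takes a reference per slot (or dedups) so a double visit cannot drop a reference it never took. A one-line comment above the `nf_ct_is_expired(ct)` test stating that expired entries are collected for eviction regardless of direction, and that the direction filter below only applies to entries that get dumped, would keep the next reader from "fixing" the order back. Also note the `net_eq(net, nf_ct_net(ct))` test still comes after the expiry block, as before, so expired entries from foreign netns continue to be evicted by this dumper; worth stating in the commit message if that is intended.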
+2 -2
net/netfilter/nf_tables_api.c
··· 4481 4481 static void nft_set_catchall_destroy(const struct nft_ctx *ctx, 4482 4482 struct nft_set *set) 4483 4483 { 4484 - struct nft_set_elem_catchall *catchall; 4484 + struct nft_set_elem_catchall *next, *catchall; 4485 4485 4486 - list_for_each_entry_rcu(catchall, &set->catchall_list, list) { 4486 + list_for_each_entry_safe(catchall, next, &set->catchall_list, list) { 4487 4487 list_del_rcu(&catchall->list); 4488 4488 nft_set_elem_destroy(set, catchall->elem, true); 4489 4489 kfree_rcu(catchall);
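Review bot: switching from `list_for_each_entry_rcu` to `list_for_each_entry_safe` is the right fix for the use-after-free, since the loop body frees `catchall` via `kfree_rcu(catchall)` and the old iterator then read `catchall->list.next` from freed memory; `_safe` caches `next` before the body runs. Two things to confirm: this destroy path must run under the nf_tables transaction mutex with no concurrent writer on `set->catchall_list`, because `list_for_each_entry_safe` offers no protection against a parallel `list_del`, and callers must reach `nft_set_catchall_destroy` only after the set is unreachable from RCU readers, because `nft_set_elem_destroy(set, catchall->elem, true)` frees the element immediately while only the list node is deferred through `kfree_rcu`. A short comment on the function noting both requirements would make the `list_del_rcu` followed by a synchronous element free look deliberate rather than accidental.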