Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2233371/?format=api
{ "id": 2233371, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2233371/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260506100728.2664-2-fw@strlen.de/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260506100728.2664-2-fw@strlen.de>", "date": "2026-05-06T10:07:13", "name": "[v3,nf,1/8] netfilter: x_tables: allow initial table replace without emitting audit log message", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "087413a1ae997b57a94e6a5a1c2174b773187e1b", "submitter": { "id": 1025, "url": "http://patchwork.ozlabs.org/api/1.1/people/1025/?format=api", "name": "Florian Westphal", "email": "fw@strlen.de" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260506100728.2664-2-fw@strlen.de/mbox/", "series": [ { "id": 502948, "url": "http://patchwork.ozlabs.org/api/1.1/series/502948/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=502948", "date": "2026-05-06T10:07:14", "name": "netfilter: xtables: fix module load and teardown races", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/502948/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2233371/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2233371/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12452-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12452-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=91.216.245.30", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g9WTD3YVYz1yJq\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 06 May 2026 20:14:40 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id B9FA23072020\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 6 May 2026 10:07:46 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id C953A3FAE0E;\n\tWed, 6 May 2026 10:07:45 +0000 (UTC)", "from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc\n [91.216.245.30])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id BE55F3F788A\n\tfor <netfilter-devel@vger.kernel.org>; Wed, 6 May 2026 10:07:41 +0000 (UTC)", "by Chamillionaire.breakpoint.cc (Postfix, from userid 1003)\n\tid 7A34C60AED; Wed, 06 May 2026 12:07:38 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778062064; cv=none;\n b=TZhAg2o2AGuwSukKs1Z8+UMZpIvYQUqbjGKZRu4k2sf8odt59zlgJxLVElRQyADY5Zdx6+KHuBW0m2Nls+XSyG/iT1kwAsALTpS5xdfkxtUGgPjjvNjppFoYnRbacZHExt7xIc2qTpYn8PdrMIe2lu3XIjzh+ZRCyJS3SRwPtZw=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778062064; c=relaxed/simple;\n\tbh=36ADkzYhuM4JVEFp4Z19/aMaJQVPGYih6FQhK/o7jf8=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=QoJTKgHBARDsjfe5DaVGpkAWYsuht6IhHlXpSrarDYHdbGzWdpNYKu+dHhajZU5vh/VaIQzByF/4TQ+NnB5K3CVaD0pSC7ofWfsTz21+9LasA91mIeh3WJL7Whr4SdyaKgT001Rzvi0MX9KbnrWUk68XWwzcb2yvoYUGP/KgY/k=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=strlen.de;\n spf=pass smtp.mailfrom=Chamillionaire.breakpoint.cc;\n arc=none smtp.client-ip=91.216.245.30", "From": "Florian Westphal <fw@strlen.de>", "To": "<netfilter-devel@vger.kernel.org>", "Cc": "tristan@talencesecurity.com,\n\tFlorian Westphal <fw@strlen.de>", "Subject": "[PATCH v3 nf 1/8] netfilter: x_tables: allow initial table replace\n without emitting audit log message", "Date": "Wed, 6 May 2026 12:07:13 +0200", "Message-ID": "<20260506100728.2664-2-fw@strlen.de>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260506100728.2664-1-fw@strlen.de>", "References": "<20260506100728.2664-1-fw@strlen.de>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "At the moment we emit the audit log a bit too early, which makes it\nnecessary to also emit an unregister log in case we have to unwind\nerrors after possible hook register failure.\n\nFollowup patch will be slightly simpler if we can delay the\nregister message until after the hooks have been wired up.\n\nSigned-off-by: Florian Westphal <fw@strlen.de>\n---\n v3: no changes.\n net/netfilter/x_tables.c | 29 ++++++++++++++++++++---------\n 1 file changed, 20 insertions(+), 9 deletions(-)", "diff": "diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c\nindex 2c67c2e6b132..bb0cb3959551 100644\n--- a/net/netfilter/x_tables.c\n+++ b/net/netfilter/x_tables.c\n@@ -1472,11 +1472,9 @@ struct xt_counters *xt_counters_alloc(unsigned int counters)\n }\n EXPORT_SYMBOL(xt_counters_alloc);\n \n-struct xt_table_info *\n-xt_replace_table(struct xt_table *table,\n-\t unsigned int num_counters,\n-\t struct xt_table_info *newinfo,\n-\t int *error)\n+static struct xt_table_info *\n+do_replace_table(struct xt_table *table, unsigned int num_counters,\n+\t\t struct xt_table_info *newinfo, int *error)\n {\n \tstruct xt_table_info *private;\n \tunsigned int cpu;\n@@ -1531,10 +1529,23 @@ xt_replace_table(struct xt_table *table,\n \t\t}\n \t}\n \n-\taudit_log_nfcfg(table->name, table->af, private->number,\n-\t\t\t!private->number ? AUDIT_XT_OP_REGISTER :\n-\t\t\t\t\t AUDIT_XT_OP_REPLACE,\n-\t\t\tGFP_KERNEL);\n+\treturn private;\n+}\n+\n+struct xt_table_info *\n+xt_replace_table(struct xt_table *table, unsigned int num_counters,\n+\t\t struct xt_table_info *newinfo,\n+\t\t int *error)\n+{\n+\tstruct xt_table_info *private;\n+\n+\tprivate = do_replace_table(table, num_counters, newinfo, error);\n+\tif (private)\n+\t\taudit_log_nfcfg(table->name, table->af, private->number,\n+\t\t\t\t!private->number ? AUDIT_XT_OP_REGISTER :\n+\t\t\t\tAUDIT_XT_OP_REPLACE,\n+\t\t\t\tGFP_KERNEL);\n+\n \treturn private;\n }\n EXPORT_SYMBOL_GPL(xt_replace_table);\n", "prefixes": [ "v3", "nf", "1/8" ] }