mbox

[0/3] ipset patches for nf

Message ID 1446900145-14190-1-git-send-email-kadlec@blackhole.kfki.hu
State Accepted
Delegated to: Pablo Neira
Headers show

Pull-request

git://blackhole.kfki.hu/nf master

Message

Jozsef Kadlecsik Nov. 7, 2015, 12:42 p.m. UTC 
Hi Pablo,

Please apply the next bugfixes against the nf tree.

- Fix extensions alignment in ipset: Gerhard Wiesinger reported
  that the missing data aligments lead to crash on non-intel
  architecture. The patch was tested on armv7h by Gerhard Wiesinger
  and on x86_64 and sparc64 by me.
- An incorrect index at the hash:* types could lead to
  falsely early expired entries and memory leak when the comment
  extension was used too.
- Release empty hash bucket block when all entries are expired or
  all slots are empty instead of shrinkig the data part to zero.

Best regards,
Jozsef

----
The following changes since commit 212cd0895330b775f2db49451f046a5ca4e5704b:

  selinux: fix random read in selinux_ip_postroute_compat() (2015-11-05 16:45:51 -0500)

are available in the git repository at:

  git://blackhole.kfki.hu/nf master

for you to fetch changes up to 0aae24eb409fc429f54ca3809f904f1b91e295e0:

  netfilter: ipset: Fix hash type expire: release empty hash bucket block (2015-11-07 11:28:49 +0100)

----------------------------------------------------------------
Jozsef Kadlecsik (3):
      netfilter: ipset: Fix extension alignment
      netfilter: ipset: Fix hash:* type expiration
      netfilter: ipset: Fix hash type expire: release empty hash bucket block

 include/linux/netfilter/ipset/ip_set.h    |  2 +-
 net/netfilter/ipset/ip_set_bitmap_gen.h   | 17 +++++----------
 net/netfilter/ipset/ip_set_bitmap_ip.c    | 14 ++++--------
 net/netfilter/ipset/ip_set_bitmap_ipmac.c | 64 +++++++++++++++++++++++++-----------------------------
 net/netfilter/ipset/ip_set_bitmap_port.c  | 18 ++++++---------
 net/netfilter/ipset/ip_set_core.c         | 14 +++++++-----
 net/netfilter/ipset/ip_set_hash_gen.h     | 26 ++++++++++++++--------
 net/netfilter/ipset/ip_set_list_set.c     |  5 +++--
 8 files changed, 75 insertions(+), 85 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Pablo Neira Ayuso Nov. 8, 2015, 9:42 p.m. UTC | #1 
On Sat, Nov 07, 2015 at 01:42:22PM +0100, Jozsef Kadlecsik wrote:
> Hi Pablo,
> 
> Please apply the next bugfixes against the nf tree.
> 
> - Fix extensions alignment in ipset: Gerhard Wiesinger reported
>   that the missing data aligments lead to crash on non-intel
>   architecture. The patch was tested on armv7h by Gerhard Wiesinger
>   and on x86_64 and sparc64 by me.
> - An incorrect index at the hash:* types could lead to
>   falsely early expired entries and memory leak when the comment
>   extension was used too.
> - Release empty hash bucket block when all entries are expired or
>   all slots are empty instead of shrinkig the data part to zero.

Pulled, thanks Jozsef.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html