commit:     ccb08661d505822adbf5fe5b353c1da8d93e95a9
Author:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 25 11:42:29 2024 +0000
Commit:     Mike Pagano <mpagano <AT> gentoo <DOT> org>
CommitDate: Fri Oct 25 11:42:29 2024 +0000
URL:        https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=ccb08661

netfilter: xtables: fix typo causing some targets not to load on IPv6

Bug: https://bugs.gentoo.org/941988

Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>

 0000_README                           |  4 ++
 2005_netfilter-xtables-fix-typo.patch | 71 +++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)

diff --git a/0000_README b/0000_README
index 70f8b56f..f88c09ee 100644
--- a/0000_README
+++ b/0000_README
@@ -79,6 +79,10 @@ Patch:  
2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch
 From:   
https://lore.kernel.org/linux-bluetooth/[email protected]/raw
 Desc:   Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. 
See bug #686758
 
+Patch:  2005_netfilter-xtables-fix-typo.patch
+From:   
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=306ed1728e8438caed30332e1ab46b28c25fe3d8
+Desc:   netfilter: xtables: fix typo causing some targets not to load on IPv6
+
 Patch:  2901_tools-lib-subcmd-compile-fix.patch
 From:   
https://lore.kernel.org/all/[email protected]/
 Desc:   tools lib subcmd: Fixed uninitialized use of variable in parse-options

diff --git a/2005_netfilter-xtables-fix-typo.patch 
b/2005_netfilter-xtables-fix-typo.patch
new file mode 100644
index 00000000..6a7dfc7c
--- /dev/null
+++ b/2005_netfilter-xtables-fix-typo.patch
@@ -0,0 +1,71 @@
+From 306ed1728e8438caed30332e1ab46b28c25fe3d8 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <[email protected]>
+Date: Sun, 20 Oct 2024 14:49:51 +0200
+Subject: netfilter: xtables: fix typo causing some targets not to load on IPv6
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+- There is no NFPROTO_IPV6 family for mark and NFLOG.
+- TRACE is also missing module autoload with NFPROTO_IPV6.
+
+This results in ip6tables failing to restore a ruleset. This issue has been
+reported by several users providing incomplete patches.
+
+Very similar to Ilya Katsnelson's patch including a missing chunk in the
+TRACE extension.
+
+Fixes: 0bfcb7b71e73 ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed")
+Reported-by: Ignat Korchagin <[email protected]>
+Reported-by: Ilya Katsnelson <[email protected]>
+Reported-by: Krzysztof Olędzki <[email protected]>
+Signed-off-by: Pablo Neira Ayuso <[email protected]>
+---
+ net/netfilter/xt_NFLOG.c | 2 +-
+ net/netfilter/xt_TRACE.c | 1 +
+ net/netfilter/xt_mark.c  | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+(limited to 'net/netfilter')
+
+diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
+index d80abd6ccaf8f7..6dcf4bc7e30b2a 100644
+--- a/net/netfilter/xt_NFLOG.c
++++ b/net/netfilter/xt_NFLOG.c
+@@ -79,7 +79,7 @@ static struct xt_target nflog_tg_reg[] __read_mostly = {
+       {
+               .name       = "NFLOG",
+               .revision   = 0,
+-              .family     = NFPROTO_IPV4,
++              .family     = NFPROTO_IPV6,
+               .checkentry = nflog_tg_check,
+               .destroy    = nflog_tg_destroy,
+               .target     = nflog_tg,
+diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c
+index f3fa4f11348cd8..a642ff09fc8e8c 100644
+--- a/net/netfilter/xt_TRACE.c
++++ b/net/netfilter/xt_TRACE.c
+@@ -49,6 +49,7 @@ static struct xt_target trace_tg_reg[] __read_mostly = {
+               .target         = trace_tg,
+               .checkentry     = trace_tg_check,
+               .destroy        = trace_tg_destroy,
++              .me             = THIS_MODULE,
+       },
+ #endif
+ };
+diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
+index f76fe04fc9a4e1..65b965ca40ea7e 100644
+--- a/net/netfilter/xt_mark.c
++++ b/net/netfilter/xt_mark.c
+@@ -62,7 +62,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = {
+       {
+               .name           = "MARK",
+               .revision       = 2,
+-              .family         = NFPROTO_IPV4,
++              .family         = NFPROTO_IPV6,
+               .target         = mark_tg,
+               .targetsize     = sizeof(struct xt_mark_tginfo2),
+               .me             = THIS_MODULE,
+-- 
+cgit 1.2.3-korg
+
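Review bot: The embedded hunks show only the three corrected registration entries, so nothing visible here confirms that every other IPv6 entry added by 0bfcb7b71e73 carries both `.family = NFPROTO_IPV6` and `.me = THIS_MODULE`. The xt_NFLOG entry is cut off before any `.me` line, and all three arrays (nflog_tg_reg, trace_tg_reg, mark_tg_reg) begin and end outside the hunk context. It is worth reading the full arrays after applying, because a duplicated NFPROTO_IPV4 entry makes ip6tables fail to restore a ruleset, and a host whose restore fails at boot may come up without its IPv6 filter rules. An entry without `.me` presumably also lets the module be unloaded while a rule still references the target, though that is inferred and not shown in these lines. For traceability, the new 0000_README entry could end its Desc line with `See bug #941988`, matching the Bluetooth entry above it.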
