Re: [PATCH net] ipvs: fix rtnl_lock lockups caused by start_sync_thread

On Mon, Apr 09, 2018 at 10:20:18AM +0300, Simon Horman wrote: > On Sat, Apr 07, 2018 at 03:50:47PM +0300, Julian Anastasov wrote: > > syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2] > > > > We have 2 problems in start_sync_thread if error path is > > taken, eg. on memory

Re: [PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

On Mon, Apr 9, 2018 at 4:37 PM, Pablo Neira Ayuso wrote: > Hi Arnd, > > On Mon, Apr 09, 2018 at 12:53:12PM +0200, Arnd Bergmann wrote: >> We get a new link error with CONFIG_NFT_REJECT_INET=y and >> CONFIG_NF_REJECT_IPV6=m > > I think we can update NFT_REJECT_INET so it

Re: [PATCH nf] netfilter: ebtables: don't attempt to allocate 0-sized compat array

On Wed, Apr 04, 2018 at 09:13:30PM +0200, Florian Westphal wrote: > Dmitry reports 32bit ebtables on 64bit kernel got broken by > a recent change that returns -EINVAL when ruleset has no entries. > > ebtables however only counts user-defined chains, so for the > initial table nentries will be 0.

Re: [PATCH nf] netfilter: nf_conntrack_sip: allow duplicate SDP expectations

On Tue, Apr 03, 2018 at 12:10:09PM +0200, Florian Westphal wrote: > Callum Sinclair reported SIP IP Phone errors that he tracked down to > such phones sending session descriptions for different media types but > with same port numbers. > > The expect core will only 'refresh' existing expectation

Re: [PATCH net] ipvs: fix rtnl_lock lockups caused by start_sync_thread

On Mon, Apr 09, 2018 at 04:53:22PM +0200, Pablo Neira Ayuso wrote: > On Mon, Apr 09, 2018 at 10:20:18AM +0300, Simon Horman wrote: > > On Sat, Apr 07, 2018 at 03:50:47PM +0300, Julian Anastasov wrote: > > > syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2] > > > > > > We have 2

Re: [PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

Hi Arnd, On Mon, Apr 09, 2018 at 12:53:12PM +0200, Arnd Bergmann wrote: > We get a new link error with CONFIG_NFT_REJECT_INET=y and > CONFIG_NF_REJECT_IPV6=m I think we can update NFT_REJECT_INET so it depends on NFT_REJECT_IPV4 and NFT_REJECT_IPV6. This doesn't allow here

[PATCH nf-next v4] netfilter: nf_osf: nf_osf_ttl() and nf_osf_match()

Added nf_osf_ttl() and nf_osf_match() into nf_osf.c in order to start the nftables OSF implementation. Signed-off-by: Fernando Fernandez Mancera --- include/linux/netfilter/nf_osf.h | 28 include/uapi/linux/netfilter/nf_osf.h | 97 ++

Re: [PATCH net] ipvs: fix rtnl_lock lockups caused by start_sync_thread

On Sat, Apr 07, 2018 at 03:50:47PM +0300, Julian Anastasov wrote: > syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2] > > We have 2 problems in start_sync_thread if error path is > taken, eg. on memory allocation error or failure to configure > sockets for mcast group or

[PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error

We get a new link error with CONFIG_NFT_REJECT_INET=y and CONFIG_NF_REJECT_IPV6=m after larger parts of the nftables modules are linked together: net/netfilter/nft_reject_inet.o: In function `nft_reject_inet_eval': nft_reject_inet.c:(.text+0x17c): undefined reference to `nf_send_unreach6'