Hi,
The following patchset contains Netfilter fixes for net:
Patch #1 fixes the suspicious RCU usage warning that resulted from the
recent fix for the race between namespace cleanup and gc in
ipset left out checking the pernet exit phase when calling
rcu_dereference_protected(), from Jozsef Kadlecsik.
Patch #2 fixes incorrect input and output netdevice in SRv6 prerouting
hooks, from Jianguo Wu.
Patch #3 moves nf_hooks_lwtunnel sysctl toggle to the netfilter core.
The connection tracking system is loaded on-demand, this
ensures availability of this knob regardless.
Patch #4-#5 adds selftests for SRv6 netfilter hooks also from Jianguo Wu.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-06-19
Thanks.
----------------------------------------------------------------
The following changes since commit a8763466669d21b570b26160d0a5e0a2ee529d22:
selftests: openvswitch: Set value to nla flags. (2024-06-19 13:10:53 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-06-19
for you to fetch changes up to 221200ffeb065c6bbd196760c168b42305961655:
selftests: add selftest for the SRv6 End.DX6 behavior with netfilter (2024-06-19 18:42:10 +0200)
----------------------------------------------------------------
netfilter pull request 24-06-19
----------------------------------------------------------------
Jianguo Wu (4):
seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core
selftests: add selftest for the SRv6 End.DX4 behavior with netfilter
selftests: add selftest for the SRv6 End.DX6 behavior with netfilter
Jozsef Kadlecsik (1):
netfilter: ipset: Fix suspicious rcu_dereference_protected()
include/net/netns/netfilter.h | 3 +
net/ipv6/seg6_local.c | 8 +-
net/netfilter/core.c | 13 +-
net/netfilter/ipset/ip_set_core.c | 11 +-
net/netfilter/nf_conntrack_standalone.c | 15 -
net/netfilter/nf_hooks_lwtunnel.c | 67 ++++
net/netfilter/nf_internals.h | 6 +
tools/testing/selftests/net/Makefile | 2 +
tools/testing/selftests/net/config | 2 +
.../selftests/net/srv6_end_dx4_netfilter_test.sh | 335 ++++++++++++++++++++
.../selftests/net/srv6_end_dx6_netfilter_test.sh | 340 +++++++++++++++++++++
11 files changed, 776 insertions(+), 26 deletions(-)
create mode 100755 tools/testing/selftests/net/srv6_end_dx4_netfilter_test.sh
create mode 100755 tools/testing/selftests/net/srv6_end_dx6_netfilter_test.sh
Hi, The following patchset contains Netfilter fixes for net: Patch #1 fixes the suspicious RCU usage warning that resulted from the recent fix for the race between namespace cleanup and gc in ipset left out checking the pernet exit phase when calling rcu_dereference_protected(), from Jozsef Kadlecsik. Patch #2 fixes incorrect input and output netdevice in SRv6 prerouting hooks, from Jianguo Wu. Patch #3 moves nf_hooks_lwtunnel sysctl toggle to the netfilter core. The connection tracking system is loaded on-demand, this ensures availability of this knob regardless. Patch #4-#5 adds selftests for SRv6 netfilter hooks also from Jianguo Wu. Please, pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git nf-24-06-19 Thanks. ---------------------------------------------------------------- The following changes since commit a8763466669d21b570b26160d0a5e0a2ee529d22: selftests: openvswitch: Set value to nla flags. (2024-06-19 13:10:53 +0100) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git tags/nf-24-06-19 for you to fetch changes up to 221200ffeb065c6bbd196760c168b42305961655: selftests: add selftest for the SRv6 End.DX6 behavior with netfilter (2024-06-19 18:42:10 +0200) ---------------------------------------------------------------- netfilter pull request 24-06-19 ---------------------------------------------------------------- Jianguo Wu (4): seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core selftests: add selftest for the SRv6 End.DX4 behavior with netfilter selftests: add selftest for the SRv6 End.DX6 behavior with netfilter Jozsef Kadlecsik (1): netfilter: ipset: Fix suspicious rcu_dereference_protected() include/net/netns/netfilter.h | 3 + net/ipv6/seg6_local.c | 8 +- net/netfilter/core.c | 13 +- net/netfilter/ipset/ip_set_core.c | 11 +- net/netfilter/nf_conntrack_standalone.c | 15 - net/netfilter/nf_hooks_lwtunnel.c | 67 ++++ net/netfilter/nf_internals.h | 6 + tools/testing/selftests/net/Makefile | 2 + tools/testing/selftests/net/config | 2 + .../selftests/net/srv6_end_dx4_netfilter_test.sh | 335 ++++++++++++++++++++ .../selftests/net/srv6_end_dx6_netfilter_test.sh | 340 +++++++++++++++++++++ 11 files changed, 776 insertions(+), 26 deletions(-) create mode 100755 tools/testing/selftests/net/srv6_end_dx4_netfilter_test.sh create mode 100755 tools/testing/selftests/net/srv6_end_dx6_netfilter_test.sh