AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-16 07:17:29 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
ae6153b50f
linux_dsm_epyc7002/net
History
Florian Westphal ae6153b50f netfilter: nf_tables: permit second nat hook if colliding hook is going away 
Sergei Trofimovich reported that restoring an nft ruleset doesn't work
anymore unless old rule content is flushed first.

The problem stems from a recent change designed to prevent multiple nat
hooks at the same hook point locations and nftables transaction model.

A 'flush ruleset' won't take effect until the entire transaction has
completed.

So, if one has a nft.rules file that contains a 'flush ruleset',
followed by a nat hook register request, then 'nft -f file' will work,
but running 'nft -f file' again will fail with -EBUSY.

Reason is that nftables will place the flush/removal requests in the
transaction list, but it will not act on the removal until after all new
rules are in place.

The netfilter core will therefore get request to register a new nat
hook before the old one is removed -- this now fails as the netfilter
core can't know the existing hook is staged for removal.

To fix this, we can search the transaction log when a hook collision
is detected.  The collision is okay if

 1. there is a delete request pending for the nat hook that is already
    registered.
 2. there is no second add request for a matching nat hook.
    This is required to only apply the exception once.

Fixes: f92b40a8b2 ("netfilter: core: only allow one nat hook per hook point")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-03-20 13:55:03 +01:00
..
6lowpan License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
9p virtio: bugfixes 2018-02-15 14:29:27 -08:00
802 treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
8021q vlan: Fix out of order vlan headers with reorder header off 2018-03-16 10:03:47 -04:00
appletalk net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
atm vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ax25 net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
batman-adv batman-adv: Fix internal interface indices types 2018-02-25 20:19:34 +01:00
bluetooth Bluetooth: Fix missing encryption refresh on Security Request 2018-03-01 19:55:56 +01:00
bpf bpf: fix null pointer deref in bpf_prog_test_run_xdp 2018-02-01 07:43:56 -08:00
bridge netfilter: bridge: ebt_among: add more missing match size checks 2018-03-11 21:24:49 +01:00
caif vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
can can: migrate documentation to restructured text 2018-01-26 10:46:44 +01:00
ceph libceph, ceph: avoid memory leak when specifying same option several times 2018-02-26 16:19:30 +01:00
core skbuff: Fix not waking applications when errors are enqueued 2018-03-16 12:35:33 -04:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp dccp: check sk for closed state in dccp_sendmsg() 2018-03-07 13:38:56 -05:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-16 15:46:15 -05:00
dns_resolver afs: Support the AFS dynamic root 2018-02-06 14:43:37 +00:00
dsa net: dsa: Fix dsa_is_user_port() test inversion 2018-03-12 21:04:55 -04:00
ethernet
hsr net: hsr: Convert timers to use timer_setup() 2017-10-25 13:00:27 +09:00
ieee802154 ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() 2018-03-09 11:19:26 -05:00
ife MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
ipv4 ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu 2018-03-14 13:37:36 -04:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2018-03-13 10:38:07 -04:00
iucv net/iucv: Free memory obtained by kzalloc 2018-03-16 11:42:12 -04:00
kcm kcm: lock lower socket in kcm_attach 2018-03-16 11:12:16 -04:00
key af_key: Fix memory leak in key_notify_policy. 2018-01-10 09:45:11 +01:00
l2tp l2tp: fix races with ipv4-mapped ipv6 addresses 2018-03-12 15:11:09 -04:00
l3mdev
lapb treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
llc net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
mac80211 mac80211: drop frames with unexpected DS bits from fast-rx to slow path 2018-02-23 12:13:17 +01:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
mpls net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len 2018-03-04 17:49:17 -05:00
ncsi net/ncsi: Don't take any action on HNCDSC AEN 2017-12-18 14:50:11 -05:00
netfilter netfilter: nf_tables: permit second nat hook if colliding hook is going away 2018-03-20 13:55:03 +01:00
netlabel net/netlabel: Add list_next_rcu() in rcu_dereference(). 2017-11-18 10:32:41 +09:00
netlink netlink: avoid a double skb free in genlmsg_mcast() 2018-03-16 12:34:48 -04:00
netrom net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
nfc NFC: llcp: Limit size of SDP URI 2018-02-16 15:16:05 -05:00
nsh openvswitch: enable NSH support 2017-11-08 16:12:33 +09:00
openvswitch openvswitch: meter: fix the incorrect calculation of max delta_t 2018-03-11 22:48:59 -04:00
packet vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
phonet vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
psample MAINTAINERS: Update Yotam's E-mail 2017-11-01 12:19:03 +09:00
qrtr qrtr: add MODULE_ALIAS macro to smd 2018-02-26 15:07:04 -05:00
rds rds: Incorrect reference counting in TCP socket creation 2018-03-02 09:40:27 -05:00
rfkill vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rose net: delete /proc THIS_MODULE references 2018-01-16 15:01:33 -05:00
rxrpc rxrpc: Fix send in rxrpc_send_data_packet() 2018-02-22 15:37:47 -05:00
sched net/sched: fix NULL dereference on the error path of tcf_skbmod_init() 2018-03-17 19:53:29 -04:00
sctp net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
smc net/smc: simplify wait when closing listen socket 2018-03-15 09:49:13 -04:00
strparser strparser: Call sock_owned_by_user_nocheck 2017-12-28 14:28:22 -05:00
sunrpc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
switchdev net: bridge: Add/del switchdev object on host join/leave 2017-11-10 13:41:40 +09:00
tipc tipc: correct initial value for group congestion flag 2018-02-27 11:46:03 -05:00
tls tls: Use correct sk->sk_prot for IPV6 2018-02-27 14:41:48 -05:00
unix net: af_unix: fix typo in UNIX_SKB_FRAGS_SZ comment 2018-02-13 12:21:45 -05:00
vmw_vsock vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
wimax License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
wireless cfg80211: add missing dependency to CFG80211 suboptions 2018-02-27 10:54:12 +01:00
x25 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2018-03-13 10:38:07 -04:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig Staging/IIO patches for 4.16-rc1 2018-02-01 09:51:57 -08:00
Makefile ipx: move Novell IPX protocol support into staging 2017-11-28 13:55:00 +01:00
socket.c sock_diag: request _diag module only when the family or proto has been registered 2018-03-12 11:03:42 -04:00
sysctl_net.c