diff options
| -rw-r--r-- | 0000_README | 4 | ||||
| -rw-r--r-- | 2005_netfilter-xtables-fix-typo.patch | 71 |
2 files changed, 75 insertions, 0 deletions
diff --git a/0000_README b/0000_README index bc9ad19b..f8027890 100644 --- a/0000_README +++ b/0000_README @@ -519,6 +519,10 @@ Patch: 2000_BT-Check-key-sizes-only-if-Secure-Simple-Pairing-enabled.patch From: https://lore.kernel.org/linux-bluetooth/20190522070540.48895-1-marcel@holtmann.org/raw Desc: Bluetooth: Check key sizes only when Secure Simple Pairing is enabled. See bug #686758 +Patch: 2005_netfilter-xtables-fix-typo.patch +From: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=306ed1728e8438caed30332e1ab46b28c25fe3d8 +Desc: netfilter: xtables: fix typo causing some targets not to load on IPv6 + Patch: 2010_Fix_randomize_layout_crash_in_struct_neigh.patch From: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=45b3fae4675d Desc: neighbour: Fix __randomize_layout crash in struct neighbour diff --git a/2005_netfilter-xtables-fix-typo.patch b/2005_netfilter-xtables-fix-typo.patch new file mode 100644 index 00000000..6a7dfc7c --- /dev/null +++ b/2005_netfilter-xtables-fix-typo.patch @@ -0,0 +1,71 @@ +From 306ed1728e8438caed30332e1ab46b28c25fe3d8 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Sun, 20 Oct 2024 14:49:51 +0200 +Subject: netfilter: xtables: fix typo causing some targets not to load on IPv6 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- There is no NFPROTO_IPV6 family for mark and NFLOG. +- TRACE is also missing module autoload with NFPROTO_IPV6. + +This results in ip6tables failing to restore a ruleset. This issue has been +reported by several users providing incomplete patches. + +Very similar to Ilya Katsnelson's patch including a missing chunk in the +TRACE extension. + +Fixes: 0bfcb7b71e73 ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed") +Reported-by: Ignat Korchagin <ignat@cloudflare.com> +Reported-by: Ilya Katsnelson <me@0upti.me> +Reported-by: Krzysztof Olędzki <ole@ans.pl> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + net/netfilter/xt_NFLOG.c | 2 +- + net/netfilter/xt_TRACE.c | 1 + + net/netfilter/xt_mark.c | 2 +- + 3 files changed, 3 insertions(+), 2 deletions(-) + +(limited to 'net/netfilter') + +diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c +index d80abd6ccaf8f7..6dcf4bc7e30b2a 100644 +--- a/net/netfilter/xt_NFLOG.c ++++ b/net/netfilter/xt_NFLOG.c +@@ -79,7 +79,7 @@ static struct xt_target nflog_tg_reg[] __read_mostly = { + { + .name = "NFLOG", + .revision = 0, +- .family = NFPROTO_IPV4, ++ .family = NFPROTO_IPV6, + .checkentry = nflog_tg_check, + .destroy = nflog_tg_destroy, + .target = nflog_tg, +diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c +index f3fa4f11348cd8..a642ff09fc8e8c 100644 +--- a/net/netfilter/xt_TRACE.c ++++ b/net/netfilter/xt_TRACE.c +@@ -49,6 +49,7 @@ static struct xt_target trace_tg_reg[] __read_mostly = { + .target = trace_tg, + .checkentry = trace_tg_check, + .destroy = trace_tg_destroy, ++ .me = THIS_MODULE, + }, + #endif + }; +diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c +index f76fe04fc9a4e1..65b965ca40ea7e 100644 +--- a/net/netfilter/xt_mark.c ++++ b/net/netfilter/xt_mark.c +@@ -62,7 +62,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = { + { + .name = "MARK", + .revision = 2, +- .family = NFPROTO_IPV4, ++ .family = NFPROTO_IPV6, + .target = mark_tg, + .targetsize = sizeof(struct xt_mark_tginfo2), + .me = THIS_MODULE, +-- +cgit 1.2.3-korg + |