[PATCH v3] netfilter: nf_tables: Implement jump limit for nft_table_validate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: [PATCH v3] netfilter: nf_tables: Implement jump limit for nft_table_validate
From: Shaun Brady <brady.1345@xxxxxxxxx>
Date: Mon, 12 May 2025 22:08:56 -0400
Cc: ppwaskie@xxxxxxxxxx, fw@xxxxxxxxx

Observing https://bugzilla.netfilter.org/show_bug.cgi?id=1665, I was
able to reproduce the bug using linux-stable.  Summarized, when adding
large/repeated jump chains, while still staying under the
NFT_JUMP_STACK_SIZE (currently 16), the kernel soons locks up.

Follow-Ups:
- Re: [PATCH v3] netfilter: nf_tables: Implement jump limit for nft_table_validate
  - From: Pablo Neira Ayuso

Prev by Date: Re: [PATCHv2 net-next 0/6] selftests: net: configure rp_filter in setup_ns
Next by Date: Re: Re: Fix resource leak in iptables/xtables-restore.c
Previous by thread: [PATCH nf-next v1 0/3] netfilter: Cover more per-CPU storage with local nested BH locking.
Next by thread: Re: [PATCH v3] netfilter: nf_tables: Implement jump limit for nft_table_validate
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux