git.ipfire.org Git - thirdparty/kernel/linux.git/commit
netfilter: revert nft_set_rbtree: validate open interval overlap
author Florian Westphal <fw@strlen.de>
Wed, 11 Mar 2026 15:24:02 +0000 (16:24 +0100)
committer Florian Westphal <fw@strlen.de>
Fri, 13 Mar 2026 14:31:14 +0000 (15:31 +0100)
commit 598adea720b97572c7028635cb1c59b3684e128c
tree f672d31db29a185bcfacd4b0a8e96c56cf972816
parent fbce58e719a17aa215c724473fd5baaa4a8dc57c
netfilter: revert nft_set_rbtree: validate open interval overlap

This reverts commit 648946966a08 ("netfilter: nft_set_rbtree: validate
open interval overlap").

There have been reports of nft failing to load valid rulesets after this
patch was merged into -stable.

I can reproduce several such problems with recent nft versions, including
nft 1.1.6 which is widely shipped by distributions.

We currently have little choice here.
This commit can be resurrected at some point once the nftables fix that
triggers the false overlap positive has appeared in common distros
(see e83e32c8d1cd ("mnl: restore create element command with large batches") in
 nftables.git).

Fixes: 648946966a08 ("netfilter: nft_set_rbtree: validate open interval overlap")
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
include/net/netfilter/nf_tables.h
net/netfilter/nf_tables_api.c
net/netfilter/nft_set_rbtree.c