From: Jakub Kicinski Date: Sun, 4 Jan 2026 18:59:59 +0000 (-0800) Subject: Merge tag 'nf-26-01-02' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf X-Git-Tag: v6.19-rc5~29^2~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6f6c6d90965cde092d159a57f0d4eae701d63a7;p=thirdparty%2Fkernel%2Flinux.git Merge tag 'nf-26-01-02' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Florian Westphal says: ==================== netfilter: updates for net The following patchset contains Netfilter fixes for *net*: 1) Fix overlap detection for nf_tables with concatenated ranges. There are cases where element could not be added due to a conflict with existing range, while kernel reports success to userspace. 2) update selftest to cover this bug. 3) synproxy update path should use READ/WRITE once as we replace config struct while packet path might read it in parallel. This relies on said config struct to fit sizeof(long). From Fernando Fernandez Mancera. 4) Don't return -EEXIST from xtables in module load path, a pending patch to module infra will spot a warning if this happens. From Daniel Gomez. 5) Fix a memory leak in nf_tables when chain hits 2**32 users and rule is to be hw-offloaded, from Zilin Guan. 6) Avoid infinite list growth when insert rate is high in nf_conncount, also from Fernando. * tag 'nf-26-01-02' of https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nf_conncount: update last_gc only when GC has been performed netfilter: nf_tables: fix memory leak in nf_tables_newrule() netfilter: replace -EEXIST with -EBUSY netfilter: nft_synproxy: avoid possible data-race on update operation selftests: netfilter: nft_concat_range.sh: add check for overlap detection bug netfilter: nft_set_pipapo: fix range overlap detection ==================== Link: https://patch.msgid.link/20260102114128.7007-1-fw@strlen.de Signed-off-by: Jakub Kicinski --- d6f6c6d90965cde092d159a57f0d4eae701d63a7