lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 12 Feb 2017 20:42:32 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 00/21] Netfilter updates for net-next

Hi David,

The following patchset contains Netfilter updates for your net-next
tree, most relevantly they are:

1) Extend nft_exthdr to allow to match TCP options bitfields, from
   Manuel Messner.

2) Allow to check if IPv6 extension header is present in nf_tables,
   from Phil Sutter.

3) Allow to set and match conntrack zone in nf_tables, patches from
   Florian Westphal.

4) Several patches for the nf_tables set infrastructure, this includes
   cleanup and preparatory patches to add the new bitmap set type.

5) Add optional ruleset generation ID check to nf_tables and allow to
   delete rules that got no public handle yet via NFTA_RULE_ID. These
   patches add the missing kernel infrastructure to support rule
   deletion by description from userspace.

6) Missing NFT_SET_OBJECT flag to select the right backend when sets
   stores an object map.

7) A couple of cleanups for the expectation and SIP helper, from Gao
   feng.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git

Thanks!

----------------------------------------------------------------

The following changes since commit 6e7bc478c9a006c701c14476ec9d389a484b4864:

  net: skb_needs_check() accepts CHECKSUM_NONE for tx (2017-02-03 17:33:01 -0500)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD

for you to fetch changes up to 7286ff7fde9f963736c7e575572899d8e16b06b7:

  netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection (2017-02-12 14:45:14 +0100)

----------------------------------------------------------------
Florian Westphal (3):
      netfilter: nft_ct: add zone id get support
      netfilter: nft_ct: prepare for key-dependent error unwind
      netfilter: nft_ct: add zone id set support

Gao Feng (2):
      netfilter: nf_ct_sip: Use mod_timer_pending()
      netfilter: nf_ct_expect: nf_ct_expect_insert() returns void

Manuel Messner (1):
      netfilter: nft_exthdr: add TCP option matching

Pablo Neira Ayuso (14):
      netfilter: nf_tables: pass netns to set->ops->remove()
      netfilter: nf_tables: use struct nft_set_iter in set element flush
      netfilter: nf_tables: rename deactivate_one() to flush()
      netfilter: nf_tables: add flush field to struct nft_set_iter
      netfilter: nf_tables: rename struct nft_set_estimate class field
      netfilter: nf_tables: add space notation to sets
      netfilter: nf_tables: add bitmap set type
      netfilter: nfnetlink: get rid of u_intX_t types
      netfilter: nfnetlink: add nfnetlink_rcv_skb_batch()
      netfilter: nfnetlink: allow to check for generation ID
      netfilter: nf_tables: add check_genid to the nfnetlink subsystem
      netfilter: nf_tables: add NFTA_RULE_ID attribute
      netfilter: update MAINTAINERS
      netfilter: nf_tables: honor NFT_SET_OBJECT in set backend selection

Phil Sutter (1):
      netfilter: nft_exthdr: Add support for existence check

 MAINTAINERS                              |   3 +-
 include/linux/netfilter/nfnetlink.h      |   1 +
 include/net/netfilter/nf_tables.h        |  21 ++-
 include/uapi/linux/netfilter/nf_tables.h |  27 ++-
 include/uapi/linux/netfilter/nfnetlink.h |  12 ++
 net/netfilter/Kconfig                    |  10 +-
 net/netfilter/Makefile                   |   1 +
 net/netfilter/nf_conntrack_expect.c      |   8 +-
 net/netfilter/nf_conntrack_sip.c         |  12 +-
 net/netfilter/nf_tables_api.c            |  89 ++++++---
 net/netfilter/nfnetlink.c                |  90 ++++++---
 net/netfilter/nft_ct.c                   | 195 +++++++++++++++++--
 net/netfilter/nft_exthdr.c               | 139 ++++++++++++--
 net/netfilter/nft_set_bitmap.c           | 314 +++++++++++++++++++++++++++++++
 net/netfilter/nft_set_hash.c             |  16 +-
 net/netfilter/nft_set_rbtree.c           |  16 +-
 16 files changed, 832 insertions(+), 122 deletions(-)
 create mode 100644 net/netfilter/nft_set_bitmap.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ