| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200909094219.17732-1-pablo@netfilter.org>
Date: Wed, 9 Sep 2020 11:42:06 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 00/13] Netfilter updates for net-next
Hi,
The following patchset contains Netfilter updates for net-next:
1) Rewrite inner header IPv6 in ICMPv6 messages in ip6t_NPT,
from Michael Zhou.
2) do_ip_vs_set_ctl() dereferences uninitialized value,
from Peilin Ye.
3) Support for userdata in tables, from Jose M. Guisado.
4) Do not increment ct error and invalid stats at the same time,
from Florian Westphal.
5) Remove ct ignore stats, also from Florian.
6) Add ct stats for clash resolution, from Florian Westphal.
7) Bump reference counter bump on ct clash resolution only,
this is safe because bucket lock is held, again from Florian.
8) Use ip_is_fragment() in xt_HMARK, from YueHaibing.
9) Add wildcard support for nft_socket, from Balazs Scheidler.
10) Remove superfluous IPVS dependency on iptables, from
Yaroslav Bolyukin.
11) Remove unused definition in ebt_stp, from Wang Hai.
12) Replace CONFIG_NFT_CHAIN_NAT_{IPV4,IPV6} by CONFIG_NFT_NAT
in selftests/net, from Fabian Frederick.
13) Add userdata support for nft_object, from Jose M. Guisado.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thank you.
----------------------------------------------------------------
The following changes since commit 0f091e43310f5c292b7094f9f115e651358e8053:
netlabel: remove unused param from audit_log_format() (2020-08-28 09:08:51 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to b131c96496b369c7b14125e7c50e89ac7cec8051:
netfilter: nf_tables: add userdata support for nft_object (2020-09-08 16:35:38 +0200)
----------------------------------------------------------------
Balazs Scheidler (1):
netfilter: nft_socket: add wildcard support
Fabian Frederick (1):
selftests/net: replace obsolete NFT_CHAIN configuration
Florian Westphal (4):
netfilter: conntrack: do not increment two error counters at same time
netfilter: conntrack: remove ignore stats
netfilter: conntrack: add clash resolution stat counter
netfilter: conntrack: remove unneeded nf_ct_put
Jose M. Guisado Gomez (2):
netfilter: nf_tables: add userdata attributes to nft_table
netfilter: nf_tables: add userdata support for nft_object
Michael Zhou (1):
netfilter: ip6t_NPT: rewrite addresses in ICMPv6 original packet
Peilin Ye (1):
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
Wang Hai (1):
netfilter: ebt_stp: Remove unused macro BPDU_TYPE_TCN
Yaroslav Bolyukin (1):
ipvs: remove dependency on ip6_tables
YueHaibing (1):
netfilter: xt_HMARK: Use ip_is_fragment() helper
include/linux/netfilter/nf_conntrack_common.h | 2 +-
include/net/ip_vs.h | 3 --
include/net/netfilter/nf_tables.h | 4 ++
include/uapi/linux/netfilter/nf_tables.h | 6 +++
include/uapi/linux/netfilter/nfnetlink_conntrack.h | 3 +-
net/bridge/netfilter/ebt_stp.c | 1 -
net/ipv6/netfilter/ip6t_NPT.c | 39 +++++++++++++++
net/netfilter/ipvs/Kconfig | 1 -
net/netfilter/ipvs/ip_vs_ctl.c | 7 +--
net/netfilter/nf_conntrack_core.c | 25 ++++------
net/netfilter/nf_conntrack_netlink.c | 5 +-
net/netfilter/nf_conntrack_standalone.c | 4 +-
net/netfilter/nf_tables_api.c | 57 ++++++++++++++++++----
net/netfilter/nft_socket.c | 27 ++++++++++
net/netfilter/xt_HMARK.c | 2 +-
tools/testing/selftests/net/config | 3 +-
16 files changed, 148 insertions(+), 41 deletions(-)
Powered by blists - more mailing lists