Message-Id: <20230124183933.4752-1-pablo@netfilter.org>
Date: Tue, 24 Jan 2023 19:39:29 +0100
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net, netdev@...r.kernel.org, kuba@...nel.org,
pabeni@...hat.com, edumazet@...gle.com
Subject: [PATCH net 0/4] Netfilter fixes for net

Hi,

The following patchset contains Netfilter fixes for net:

1) Perform SCTP vtag verification for ABORT/SHUTDOWN_COMPLETE according
   to RFC 9260, Sect 8.5.1.

2) Fix infinite loop if SCTP chunk size is zero in for_each_sctp_chunk().
   And remove useless check in this macro too.

3) Revert DATA_SENT state in the SCTP tracker, this was applied in the
   previous merge window. Next patch in this series provides a simpler
   approach to multihoming support.

4) Unify HEARTBEAT_ACKED and ESTABLISHED states for SCTP multihoming
   support, use default ESTABLISHED of 210 seconds based on
   heartbeat timeout * maximum number of retransmission + round-trip timeout.
   Otherwise, SCTP conntrack entries that represent secondary paths
   remain stale in the table for up to 5 days.

This is a slightly large batch with fixes for the SCTP connection
tracking helper, all patches from Sriram Yagnaraman.

Please, pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git

Thanks.

----------------------------------------------------------------

The following changes since commit 208a21107ef0ae86c92078caf84ce80053e73f7a:

  Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue (2023-01-23 22:36:59 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git HEAD

for you to fetch changes up to a44b7651489f26271ac784b70895e8a85d0cebf4:

  netfilter: conntrack: unify established states for SCTP paths (2023-01-24 09:52:52 +0100)

----------------------------------------------------------------
Sriram Yagnaraman (4):
      netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
      netfilter: conntrack: fix bug in for_each_sctp_chunk
      Revert "netfilter: conntrack: add sctp DATA_SENT state"
      netfilter: conntrack: unify established states for SCTP paths

 Documentation/networking/nf_conntrack-sysctl.rst   |  10 +-
 include/uapi/linux/netfilter/nf_conntrack_sctp.h   |   3 +-
 include/uapi/linux/netfilter/nfnetlink_cttimeout.h |   3 +-
 net/netfilter/nf_conntrack_proto_sctp.c            | 170 +++++++++------------
 net/netfilter/nf_conntrack_standalone.c            |  16 --
 5 files changed, 77 insertions(+), 125 deletions(-)
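
Item 2 of the message describes a chunk walk that loops forever when a chunk's length field is zero. The userspace C example below is added here to illustrate that failure mode and the length check that prevents it; it is not the kernel's for_each_sctp_chunk() macro or code from this patchset, and count_sctp_chunks() and the sample byte arrays are made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_HDR_LEN 4u /* type (1) + flags (1) + length (2) */

/* Hypothetical helper: count the chunks in buf[0..len).
 * Returns -1 if a header is truncated or a length field is impossible. */
int count_sctp_chunks(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        if (len - off < CHUNK_HDR_LEN)
            return -1; /* truncated chunk header */

        /* Length is big-endian and includes the 4-byte header. */
        size_t clen = ((size_t)buf[off + 2] << 8) | buf[off + 3];

        /* A length below 4 (zero included) is malformed. Without this
         * check, clen == 0 adds nothing to off and the loop never ends. */
        if (clen < CHUNK_HDR_LEN || clen > len - off)
            return -1;

        n++;
        off += (clen + 3) & ~(size_t)3; /* chunks are padded to 4 bytes */
    }
    return n;
}

/* Constructed sample chunk sequences (not captured traffic). */
static const uint8_t two_chunks[] = { 0x04, 0, 0, 8, 1, 2, 3, 4,  0x06, 0, 0, 4 };
static const uint8_t padded[]     = { 0x04, 0, 0, 5, 9, 0, 0, 0,  0x06, 0, 0, 4 };
static const uint8_t zero_len[]   = { 0x04, 0, 0, 8, 1, 2, 3, 4,  0x06, 0, 0, 0 };

int main(void)
{
    printf("two_chunks: %d\n", count_sctp_chunks(two_chunks, sizeof two_chunks));
    printf("padded:     %d\n", count_sctp_chunks(padded, sizeof padded));
    printf("zero_len:   %d\n", count_sctp_chunks(zero_len, sizeof zero_len));
    return 0;
}
```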