| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250710010706.2861281-1-pablo@netfilter.org>
Date: Thu, 10 Jul 2025 03:07:02 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: netfilter-devel@...r.kernel.org
Cc: davem@...emloft.net,
netdev@...r.kernel.org,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
fw@...len.de,
horms@...nel.org
Subject: Netfilter updates for net-next (v2)
v2: missing Signed-off-by: tags in patch 2/4 and 3/4.
-o-
Hi,
The following series contains an initial small batch of Netfilter
updates for net-next:
1) Remove DCCP conntrack support, keep DCCP matches around in order to
avoid breakage when loading ruleset, add Kconfig to wrap the code
so it can be disabled by distributors.
2) Remove buggy code aiming at shrinking netlink deletion event, then
re-add it correctly in another patch. This is to prevent -stable to
pick up on a fix that breaks old userspace. From Phil Sutter.
3) Missing WARN_ON_ONCE() to check for lockdep_commit_lock_is_held()
to uncover bugs. From Fedor Pchelkin.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-25-07-10
Thanks
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git nf-next-25-07-10
Thanks.
----------------------------------------------------------------
The following changes since commit 8b98f34ce1d8c520403362cb785231f9898eb3ff:
net: ipv6: Fix spelling mistake (2025-07-02 15:42:29 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git tags/nf-next-25-07-10
for you to fetch changes up to 8df1b40de76979bb8e975201d07b71103d5de820:
netfilter: nf_tables: adjust lockdep assertions handling (2025-07-10 03:01:22 +0200)
----------------------------------------------------------------
netfilter pull request 25-07-10
----------------------------------------------------------------
Fedor Pchelkin (1):
netfilter: nf_tables: adjust lockdep assertions handling
Pablo Neira Ayuso (1):
netfilter: conntrack: remove DCCP protocol support
Phil Sutter (2):
netfilter: nf_tables: Drop dead code from fill_*_info routines
netfilter: nf_tables: Reintroduce shortened deletion notifications
Documentation/networking/nf_conntrack-sysctl.rst | 1 -
arch/arm/configs/omap2plus_defconfig | 1 -
arch/loongarch/configs/loongson3_defconfig | 1 -
arch/m68k/configs/amiga_defconfig | 1 -
arch/m68k/configs/apollo_defconfig | 1 -
arch/m68k/configs/atari_defconfig | 1 -
arch/m68k/configs/bvme6000_defconfig | 1 -
arch/m68k/configs/hp300_defconfig | 1 -
arch/m68k/configs/mac_defconfig | 1 -
arch/m68k/configs/multi_defconfig | 1 -
arch/m68k/configs/mvme147_defconfig | 1 -
arch/m68k/configs/mvme16x_defconfig | 1 -
arch/m68k/configs/q40_defconfig | 1 -
arch/m68k/configs/sun3_defconfig | 1 -
arch/m68k/configs/sun3x_defconfig | 1 -
arch/mips/configs/fuloong2e_defconfig | 1 -
arch/mips/configs/ip22_defconfig | 1 -
arch/mips/configs/loongson2k_defconfig | 1 -
arch/mips/configs/loongson3_defconfig | 1 -
arch/mips/configs/malta_defconfig | 1 -
arch/mips/configs/malta_kvm_defconfig | 1 -
arch/mips/configs/maltaup_xpa_defconfig | 1 -
arch/mips/configs/rb532_defconfig | 1 -
arch/mips/configs/rm200_defconfig | 1 -
arch/powerpc/configs/cell_defconfig | 1 -
arch/s390/configs/debug_defconfig | 1 -
arch/s390/configs/defconfig | 1 -
arch/sh/configs/titan_defconfig | 1 -
include/linux/netfilter/nf_conntrack_dccp.h | 38 --
include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 3 -
include/net/netfilter/nf_conntrack.h | 2 -
include/net/netfilter/nf_conntrack_l4proto.h | 13 -
include/net/netfilter/nf_reject.h | 1 -
include/net/netns/conntrack.h | 13 -
net/netfilter/Kconfig | 20 +-
net/netfilter/Makefile | 1 -
net/netfilter/nf_conntrack_core.c | 8 -
net/netfilter/nf_conntrack_netlink.c | 1 -
net/netfilter/nf_conntrack_proto.c | 6 -
net/netfilter/nf_conntrack_proto_dccp.c | 826 -----------------------
net/netfilter/nf_conntrack_standalone.c | 92 ---
net/netfilter/nf_nat_core.c | 6 -
net/netfilter/nf_nat_proto.c | 43 --
net/netfilter/nf_tables_api.c | 56 +-
net/netfilter/nfnetlink_cttimeout.c | 5 -
net/netfilter/nft_exthdr.c | 8 +
46 files changed, 48 insertions(+), 1122 deletions(-)
delete mode 100644 include/linux/netfilter/nf_conntrack_dccp.h
delete mode 100644 net/netfilter/nf_conntrack_proto_dccp.c
Powered by blists - more mailing lists