git.ipfire.org Git - thirdparty/linux.git/commit

author	Fernando Fernandez Mancera <fmancera@suse.de>
	Mon, 30 Mar 2026 15:19:34 +0000 (17:19 +0200)
committer	Florian Westphal <fw@strlen.de>
	Fri, 10 Apr 2026 10:16:26 +0000 (12:16 +0200)
commit	84dee05d9d61884ee0986f5b4f3d69886f7dfeb0
tree	85e6576a2329fac390dbd56aaca5cefad87e9837	tree \| snapshot
parent	542be3fa5aff54210a02954c38f07e53ea9bdafd	commit \| diff

netfilter: conntrack: remove UDP-Lite conntrack support

UDP-Lite (RFC 3828) socket support was recently retired from the core
networking stack. As a follow-up of that, drop the connection tracker
and NAT support for UDP-Lite in Netfilter.

This patch removes CONFIG_NF_CT_PROTO_UDPLITE and scrubs UDP-Lite
awareness from the conntrack core, NAT core, nft_ct, and ctnetlink.
Please note that stateless packet inspection, matching, ipsets or
logging support for IPPROTO_UDPLITE is preserved.

As conntrack no longer extracts UDP-Lite ports or tracks its L4 state,
when performing NAT the UDP-Lite checksum cannot be updated anymore.
That is an expected and acceptable consequence of removing UDP-Lite
conntrack module.

Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>

include/net/netfilter/ipv4/nf_conntrack_ipv4.h		diff \| blob \| blame \| history
include/net/netfilter/nf_conntrack_l4proto.h		diff \| blob \| blame \| history
net/netfilter/Kconfig		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_proto.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_proto_udp.c		diff \| blob \| blame \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| blame \| history
net/netfilter/nf_nat_core.c		diff \| blob \| blame \| history
net/netfilter/nf_nat_proto.c		diff \| blob \| blame \| history
net/netfilter/nfnetlink_cttimeout.c		diff \| blob \| blame \| history
net/netfilter/nft_ct.c		diff \| blob \| blame \| history