Hi Dave, these three patches fix (again) skb_over_panic caused by netfilter queueing, a namespace leak when reading /proc/net/xxx_tables_names and incorrect error handling in the TCPOPTSTRIP target. Please apply, thanks. net/ipv4/netfilter/ip_queue.c | 5 ++--- net/ipv6/netfilter/ip6_queue.c | 5 ++--- net/netfilter/nfnetlink_queue.c | 5 ++--- net/netfilter/x_tables.c | 2 +- net/netfilter/xt_TCPOPTSTRIP.c | 2 +- 5 files changed, 8 insertions(+), 11 deletions(-) Arnaud Ebalard (1): [NETFILTER]: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets Pavel Emelyanov (1): [NETFILTER]: x_tables: fix net namespace leak when reading /proc/net/xxx_tables_names Roel Kluin (1): [NETFILTER]: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html