Hi Dave,
these three patches fix (again) skb_over_panic caused by netfilter queueing,
a namespace leak when reading /proc/net/xxx_tables_names and incorrect error
handling in the TCPOPTSTRIP target.
Please apply, thanks.
net/ipv4/netfilter/ip_queue.c | 5 ++---
net/ipv6/netfilter/ip6_queue.c | 5 ++---
net/netfilter/nfnetlink_queue.c | 5 ++---
net/netfilter/x_tables.c | 2 +-
net/netfilter/xt_TCPOPTSTRIP.c | 2 +-
5 files changed, 8 insertions(+), 11 deletions(-)
Arnaud Ebalard (1):
[NETFILTER]: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets
Pavel Emelyanov (1):
[NETFILTER]: x_tables: fix net namespace leak when reading /proc/net/xxx_tables_names
Roel Kluin (1):
[NETFILTER]: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
