Hi Dave,

the following patches for 2.6.27 contain fixes for some netfilter issues:

- a fix for inverted destination address matching in the addrtype match

- a fix to make linux/netfilter.h directly includable in userspace by
  moving necessary includes outside of #ifdef __KERNEL__

- three ctnetlink fixes for sleep inside locked section and double helper
  assignment

- a change to use secure_ipv4_port_ephemeral() for NAT port randomization
  to avoid concerns about leaking prng state

Please apply, thanks.

 drivers/char/random.c                    |    1 +
 include/linux/netfilter.h                |    4 +-
 net/ipv4/netfilter/ipt_addrtype.c        |    2 +-
 net/ipv4/netfilter/nf_nat_proto_common.c |    8 +++++-
 net/netfilter/nf_conntrack_netlink.c     |   36 ++++++++++++++++------------
 5 files changed, 30 insertions(+), 21 deletions(-)

Anders Grafström (1):
      netfilter: ipt_addrtype: Fix matching of inverted destination address type

Matt Kraai (1):
      netfilter: Move linux/in.h and linux/in6.h inclusions outside of #ifdef __KERNEL__

Pablo Neira Ayuso (3):
      netfilter: ctnetlink: fix double helper assignation for NAT'ed conntracks
      netfilter: ctnetlink: fix sleep in read-side lock section
      netfilter: ctnetlink: sleepable allocation with spin lock bh

Stephen Hemminger (1):
      nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization