Hi Dave,
the following patches fix a couple of bugs in netfilter and IPVS:
- a fix for a crash triggered by fragmentes received by bridge netfilter being
combined with fragments received on non-bridge devices from myself
- a fix for IPVS synchronization on connection close from Xiaotian Feng
- a fix for use of uninitialized fields in IPVS from Simon Horman
- a patch to document the minimal required iptables version from Jan Engelhardt
I'll also push the fragment fix to stable (forgot to add CC before committing)
once it hits mainline.
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master
Thanks!
Documentation/Changes | 2 ++
include/net/ip.h | 1 +
include/net/ipv6.h | 8 ++++++++
include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 2 +-
net/ipv4/netfilter/nf_defrag_ipv4.c | 21 +++++++++++++++++----
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 19 +++++++++++++++++--
net/ipv6/netfilter/nf_conntrack_reasm.c | 7 ++++---
net/ipv6/reassembly.c | 5 ++++-
net/netfilter/ipvs/ip_vs_core.c | 1 +
net/netfilter/ipvs/ip_vs_ctl.c | 4 ++++
10 files changed, 59 insertions(+), 11 deletions(-)
Jan Engelhardt (1):
netfilter: xtables: document minimal required version
Patrick McHardy (2):
ipv6: reassembly: use seperate reassembly queues for conntrack and local delivery
netfilter: fix crashes in bridge netfilter caused by fragment jumps
Simon Horman (1):
ipvs: zero usvc and udest
Xiaotian Feng (1):
ipvs: fix synchronization on connection close
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
