From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Hi David, The following patchset contains three Netfilter fixes, they are: * Fix conntrack helper re-assignment after NAT mangling if only if the same helper is attached to the conntrack again, from Florian Westphal. * Don't allow the creation of conntrack entries via ctnetlink if the original and reply tuples are missing, from Florian Westphal. * Fix broken sysctl interface in nf_ct_reasm while adding netns support to it, from Michal Kubecek. Again, these are coming very late but they seem small and non-intrusive to me. If case your verdict is positive, you can pull this changes from: git://1984.lsi.us.es/nf master Thanks! Florian Westphal (2): netfilter: ctnetlink: don't permit ct creation with random tuple netfilter: nf_ct_helper: don't discard helper if it is actually the same Michal Kubeček (1): netfilter: nf_ct_reasm: fix per-netns sysctl initialization net/ipv6/netfilter/nf_conntrack_reasm.c | 6 +++--- net/netfilter/nf_conntrack_helper.c | 4 +++- net/netfilter/nf_conntrack_netlink.c | 3 +++ 3 files changed, 9 insertions(+), 4 deletions(-) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
