Hi David,
The following patchset contains two Netfilter fixes for your net
tree, they are:
* Fix endianness in nft_reject, the NFTA_REJECT_TYPE netlink attributes
was not converted to network byte order as needed by all nfnetlink
subsystems, from Eric Leblond.
* Restrict SYNPROXY target to INPUT and FORWARD chains, this avoid a
possible crash due to misconfigurations, from Patrick McHardy.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
Thanks!
----------------------------------------------------------------
The following changes since commit 8afdd99a1315e759de04ad6e2344f0c5f17ecb1b:
udp: ipv4: fix an use after free in __udp4_lib_rcv() (2013-12-10 22:58:40 -0500)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to a3adadf3018102c24754e0b53a5515c40fbaff4a:
netfilter: nft_reject: fix endianness in dump function (2013-12-12 09:37:39 +0100)
----------------------------------------------------------------
Eric Leblond (1):
netfilter: nft_reject: fix endianness in dump function
Patrick McHardy (1):
netfilter: SYNPROXY target: restrict to INPUT/FORWARD
net/ipv4/netfilter/ipt_SYNPROXY.c | 1 +
net/ipv4/netfilter/nft_reject_ipv4.c | 2 +-
net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
Eric Leblond (1):
netfilter: nft_reject: fix endianness in dump function
Patrick McHardy (1):
netfilter: SYNPROXY target: restrict to INPUT/FORWARD
net/ipv4/netfilter/ipt_SYNPROXY.c | 1 +
net/ipv4/netfilter/nft_reject_ipv4.c | 2 +-
net/ipv6/netfilter/ip6t_SYNPROXY.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
