From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Fri, 9 May 2014 12:56:01 +0200 > The following batch contains netfilter fixes for your net tree, they are: > > 1) Fix use after free in nfnetlink when sending a batch for some > unsupported subsystem, from Denys Fedoryshchenko. > > 2) Skip autoload of the nat module if no binding is specified via > ctnetlink, from Florian Westphal. > > 3) Set local_df after netfilter defragmentation to avoid a bogus ICMP > fragmentation needed in the forwarding path, also from Florian. > > 4) Fix potential user after free in ip6_route_me_harder() when returning > the error code to the upper layers, from Sergey Popovich. > > 5) Skip possible bogus ICMP time exceeded emitted from the router (not > valid according to RFC) if conntrack zones are used, from Vasily Averin. > > 6) Fix fragment handling when nf_defrag_ipv4 is loaded but nf_conntrack > is not present, also from Vasily. Pulled, thanks a lot Pablo. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
