From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sat, 31 Jan 2015 21:55:07 +0100 > The following patchset contains Netfilter/IPVS fixes for your net tree, > they are: > > 1) Validate hooks for nf_tables NAT expressions, otherwise users can > crash the kernel when using them from the wrong hook. We already > got one user trapped on this when configuring masquerading. > > 2) Fix a BUG splat in nf_tables with CONFIG_DEBUG_PREEMPT=y. Reported > by Andreas Schultz. > > 3) Avoid unnecessary reroute of traffic in the local input path > in IPVS that triggers a crash in in xfrm. Reported by Florian > Wiessner and fixes by Julian Anastasov. > > 4) Fix memory and module refcount leak from the error path of > nf_tables_newchain(). Pulled, thanks Pablo. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
