Hi Pablo, here's a possible fix for xt_cgroups that was previously reported by Daniel Mack. I respinned the set based on your previous feedback wrt tw sockets. The first patch refactors common helpers, which is later on being used by the actual fix. Please see individual patches for details. I have rebased it against nf-next as in the previous version. Thanks a lot! v1->v2: - patch1 as is - patch2 checks for full socket Daniel Borkmann (2): netfilter: x_tables: refactor lookup helpers from xt_socket netfilter: x_tables: fix cgroup's NF_INET_LOCAL_IN sk lookups net/netfilter/Kconfig | 5 + net/netfilter/xt_cgroup.c | 92 +++++++++++--- net/netfilter/xt_sk_helper.h | 282 +++++++++++++++++++++++++++++++++++++++++ net/netfilter/xt_socket.c | 293 +++---------------------------------------- 4 files changed, 379 insertions(+), 293 deletions(-) create mode 100644 net/netfilter/xt_sk_helper.h -- 1.9.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
