[PATCH 00/13] Netfilter fixes for net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi David,

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Fix compilation warning in xt_hashlimit on m68k 32-bits, from
   Geert Uytterhoeven.

2) Fix wrong timeout in set elements added from packet path via
   nft_dynset, from Anders K. Pedersen.

3) Remove obsolete nf_conntrack_events_retry_timeout sysctl
   documentation, from Nicolas Dichtel.

4) Ensure proper initialization of log flags via xt_LOG, from
   Liping Zhang.

5) Missing alias to autoload ipcomp, also from Liping Zhang.

6) Missing NFTA_HASH_OFFSET attribute validation, again from Liping.

7) Wrong integer type in the new nft_parse_u32_check() function,
   from Dan Carpenter.

8) Another wrong integer type declaration in nft_exthdr_init, also
   from Dan Carpenter.

9) Fix insufficient mode validation in nft_range.

10) Fix compilation warning in nft_range due to possible uninitialized
    value, from Arnd Bergmann.

11) Zero nf_hook_ops allocated via xt_hook_alloc() in x_tables to
    calm down kmemcheck, from Florian Westphal.

12) Schedule gc_worker() to run again if GC_MAX_EVICTS quota is reached,
    from Nicolas Dichtel.

13) Fix nf_queue() after conversion to single-linked hook list, related
    to incorrect bypass flag handling and incorrect hook point of
    reinjection.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit 6d3a4c404648e415e7d96e285d723936d4df7ed0:

  strparser: Propagate correct error code in strp_recv() (2016-10-12 01:51:49 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 7034b566a4e7d550621c2dfafd380b77b3787cd9:

  netfilter: fix nf_queue handling (2016-10-20 19:59:59 +0200)

----------------------------------------------------------------
Anders K. Pedersen (1):
      netfilter: nft_dynset: fix element timeout for HZ != 1000

Arnd Bergmann (1):
      netfilter: nf_tables: avoid uninitialized variable warning

Dan Carpenter (2):
      netfilter: nf_tables: underflow in nft_parse_u32_check()
      netfilter: nft_exthdr: fix error handling in nft_exthdr_init()

Florian Westphal (1):
      netfilter: x_tables: suppress kmemcheck warning

Geert Uytterhoeven (1):
      netfilter: xt_hashlimit: Add missing ULL suffixes for 64-bit constants

Liping Zhang (3):
      netfilter: xt_NFLOG: fix unexpected truncated packet
      netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name
      netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policy

Nicolas Dichtel (2):
      netfilter: conntrack: remove obsolete sysctl (nf_conntrack_events_retry_timeout)
      netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached

Pablo Neira Ayuso (2):
      netfilter: nft_range: validate operation netlink attribute
      netfilter: fix nf_queue handling

 Documentation/networking/nf_conntrack-sysctl.txt | 18 ---------
 net/netfilter/core.c                             | 13 ++-----
 net/netfilter/nf_conntrack_core.c                |  2 +-
 net/netfilter/nf_internals.h                     |  2 +-
 net/netfilter/nf_queue.c                         | 48 ++++++++++++++++--------
 net/netfilter/nf_tables_api.c                    |  2 +-
 net/netfilter/nft_dynset.c                       |  6 ++-
 net/netfilter/nft_exthdr.c                       |  3 +-
 net/netfilter/nft_hash.c                         |  1 +
 net/netfilter/nft_range.c                        | 26 +++++++++----
 net/netfilter/x_tables.c                         |  2 +-
 net/netfilter/xt_NFLOG.c                         |  1 +
 net/netfilter/xt_hashlimit.c                     |  4 +-
 net/netfilter/xt_ipcomp.c                        |  2 +
 14 files changed, 70 insertions(+), 60 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux