[PATCH 0/5] Netfilter fixes for net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi David,

The following patchset contains Netfilter fixes for your net tree, they are:

1) Fixed hashtable representation doesn't support timeout flag, skip it
   otherwise rules to add elements from the packet fail bogusly fail with
   EOPNOTSUPP.

2) Fix bogus error with 32-bits ebtables userspace and 64-bits kernel,
   patch from Florian Westphal.

3) Sanitize proc names in several x_tables extensions, also from Florian.

4) Add sanitization to ebt_among wormhash logic, from Florian.

5) Missing release of hook array in flowtable.


You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit ce380619fab99036f5e745c7a865b21c59f005f6:

  Merge tag 'please-pull-ia64_misc' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux (2018-03-05 20:31:14 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to c04a3f730021c304c7cc4bc30ee57ee70ad98d57:

  netfilter: nf_tables: release flowtable hooks (2018-03-11 21:24:56 +0100)

----------------------------------------------------------------
Florian Westphal (3):
      netfilter: ebtables: fix erroneous reject of last rule
      netfilter: x_tables: add and use xt_check_proc_name
      netfilter: bridge: ebt_among: add more missing match size checks

Pablo Neira Ayuso (2):
      netfilter: nft_set_hash: skip fixed hash if timeout is specified
      netfilter: nf_tables: release flowtable hooks

 include/linux/netfilter/x_tables.h |  2 ++
 net/bridge/netfilter/ebt_among.c   | 34 ++++++++++++++++++++++++++++++++++
 net/bridge/netfilter/ebtables.c    |  6 +++++-
 net/netfilter/nf_tables_api.c      |  1 +
 net/netfilter/nft_set_hash.c       |  2 +-
 net/netfilter/x_tables.c           | 30 ++++++++++++++++++++++++++++++
 net/netfilter/xt_hashlimit.c       | 16 ++++++++++------
 net/netfilter/xt_recent.c          |  6 +++---
 8 files changed, 86 insertions(+), 11 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux