On Sun, Aug 21, 2016 at 10:16:16PM +0200, Florian Westphal wrote: > Willy Tarreau <w@xxxxxx> wrote: > > On Sun, Aug 21, 2016 at 05:28:57PM +0200, Willy Tarreau wrote: > > > From: Florian Westphal <fw@xxxxxxxxx> > > > > > > commit 36472341017529e2b12573093cc0f68719300997 upstream. > > > > > > When we see a jump also check that the offset gets us to beginning of > > > a rule (an ipt_entry). > > (...) > > > > Sorry, this patch is bad and causes performance issues, I didn't notice > > that 3.14 had a different version, below. Thanks to Jay for reporting > > the problem to me. I'll push 3.10.103-rc2 after some cool down period. > > Please either hold this one back or also queue > commit f4dc77713f8016d2e8a3295e1c9c53a21f296def > netfilter: x_tables: speed up jump target validation > > It supersedes this one. OK, I'm postponing it then, as the patch above is not yet in more recent stable versions. Thanks Florian! Willy -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html