diff options
| author | David S. Miller <davem@davemloft.net> | 2018-03-24 22:10:01 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-03-24 22:10:01 +0100 |
| commit | b9ee96b45fddc2e507102f32ead30311814c1fc0 (patch) | |
| tree | 9344a53d4a029cfec2d2994182e60ddedbb6e509 /net/ipv6/syncookies.c | |
| parent | ipv6: fix possible deadlock in rt6_age_examine_exception() (diff) | |
| parent | netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} (diff) | |
| download | linux-b9ee96b45fddc2e507102f32ead30311814c1fc0.tar.xz linux-b9ee96b45fddc2e507102f32ead30311814c1fc0.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Don't pick fixed hash implementation for NFT_SET_EVAL sets, otherwise
userspace hits EOPNOTSUPP with valid rules using the meter statement,
from Florian Westphal.
2) If you send a batch that flushes the existing ruleset (that contains
a NAT chain) and the new ruleset definition comes with a new NAT
chain, don't bogusly hit EBUSY. Also from Florian.
3) Missing netlink policy attribute validation, from Florian.
4) Detach conntrack template from skbuff if IP_NODEFRAG is set on,
from Paolo Abeni.
5) Cache device names in flowtable object, otherwise we may end up
walking over devices going aways given no rtnl_lock is held.
6) Fix incorrect net_device ingress with ingress hooks.
7) Fix crash when trying to read more data than available in UDP
packets from the nf_socket infrastructure, from Subash.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/syncookies.c')
0 files changed, 0 insertions, 0 deletions