From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 00/07: netfilter fixes
Date: Mon, 22 Jun 2009 14:53:49 +0200 (MEST) [thread overview]
Message-ID: <20090622125349.6531.35515.sendpatchset@x2.localnet> (raw)
Hi Dave,
the following patches fix a number of netfilter bugs:
- a conntrack race condition in death_by_timeout() when moving dying entries
to the dying list. Fix from Eric Dumazet.
- a conntrack confirmation race condition that might lead to new conntrack
entries becoming visible before they are fully set up.
- a conntrack lookup race condition that might lead to deleted conntrack
entries being returned
- some sparse endianess fixes
- a fix for the nf_log proc handler, which is accessing userspace memory directly
- an incomplete initialization in the quota match, fix from Jan Engelhardt
- an incorrect comparison in the rateest match
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6.git master
Thanks!
net/netfilter/nf_conntrack_core.c | 25 ++++++++++++++++++++-----
net/netfilter/nf_log.c | 16 +++++++++++-----
net/netfilter/xt_NFQUEUE.c | 8 ++++----
net/netfilter/xt_cluster.c | 8 ++++----
net/netfilter/xt_quota.c | 1 +
net/netfilter/xt_rateest.c | 2 +-
6 files changed, 41 insertions(+), 19 deletions(-)
Eric Dumazet (1):
netfilter: nf_conntrack: death_by_timeout() fix
Jan Engelhardt (1):
netfilter: xt_quota: fix incomplete initialization
Patrick McHardy (5):
netfilter: nf_conntrack: fix confirmation race condition
netfilter: nf_conntrack: fix conntrack lookup race
netfilter: fix some sparse endianess warnings
netfilter: nf_log: fix direct userspace memory access in proc handler
netfilter: xt_rateest: fix comparison with self
next reply other threads:[~2009-06-22 12:53 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-22 12:53 Patrick McHardy [this message]
2009-06-22 12:53 ` netfilter 01/07: nf_conntrack: death_by_timeout() fix Patrick McHardy
2009-06-22 12:53 ` netfilter 02/07: nf_conntrack: fix confirmation race condition Patrick McHardy
2009-06-22 12:53 ` netfilter 03/07: nf_conntrack: fix conntrack lookup race Patrick McHardy
2009-06-22 12:53 ` netfilter 04/07: fix some sparse endianess warnings Patrick McHardy
2009-06-22 12:53 ` netfilter 05/07: nf_log: fix direct userspace memory access in proc handler Patrick McHardy
2009-06-22 12:53 ` netfilter 06/07: xt_quota: fix incomplete initialization Patrick McHardy
2009-06-22 12:53 ` netfilter 07/07: xt_rateest: fix comparison with self Patrick McHardy
2009-06-22 22:56 ` netfilter 00/07: netfilter fixes David Miller
-- strict thread matches above, loose matches on Subject: below --
2008-10-20 9:54 Patrick McHardy
2008-10-20 10:35 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090622125349.6531.35515.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.