From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/5] netfilter fixes for 3.4-rc2
Date: Tue, 10 Apr 2012 14:48:56 +0200
Message-ID: <1334062141-3962-1-git-send-email-pablo@netfilter.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>

Hi David,

The following patchset includes netfilter fixes for 3.4-rc2, they are:

* A couple of fixes for the IPv4 connection tracker from Jozsef. One
  to behave consistently with IPv6 and to follow the conntrack policy
  (i.e. don't drop, the user controls what to do by dropping invalid
  packets via iptables). The other one checks for invalid IPv4 ihl
  values that go further than the packet boundary.

* Fix missing ip6t_ext_hdr symbol if xt_LOG is compiled built-in
  and ip6tables as module, by myself.

* One fix for the error path of nf_conntrack_init_net introduced by
  the recently added nf_conntrack_timeout infrastructure from Gao Feng.

* We don't want to scale the window twice for picked up connections in
  the nf_ct_tcp code, from Changli Gao.

You can pull these changes from:

git://1984.lsi.us.es/net master

Changli Gao (1):
      netfilter: nf_ct_tcp: don't scale the size of the window up twice

Gao feng (1):
      netfilter: nf_conntrack: fix incorrect logic in nf_conntrack_init_net

Jozsef Kadlecsik (2):
      netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently
      netfilter: nf_ct_ipv4: packets with wrong ihl are invalid

Pablo Neira Ayuso (1):
      netfilter: ip6_tables: ip6t_ext_hdr is now static inline

 include/linux/netfilter_ipv6/ip6_tables.h      |   12 +++++++++++-
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |   12 ++++++++++--
 net/ipv6/netfilter/ip6_tables.c                |   14 --------------
 net/netfilter/nf_conntrack_core.c              |    2 +-
 net/netfilter/nf_conntrack_proto_tcp.c         |    4 ++--
 5 files changed, 24 insertions(+), 20 deletions(-)
--
1.7.2.5
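
The check described in the cover letter for "invalid IPv4 ihl values that go further than the packet boundary", as an added user-space example; it is not the code of patch 4/5 or any kernel code. The function, enum and sample buffers are hypothetical names constructed here, and the function only returns a verdict, leaving the drop decision to the caller in line with the policy the letter describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical, chosen for this example. */
enum ihl_verdict { IHL_OK, IHL_TRUNCATED, IHL_BAD_VERSION, IHL_TOO_SMALL, IHL_PAST_END };

/*
 * Check the IPv4 ihl field against the bytes actually present.
 * pkt/len describe the buffer starting at the IP header; on IHL_OK,
 * *hdr_len holds the header size in bytes (20..60).
 */
enum ihl_verdict check_ipv4_ihl(const uint8_t *pkt, size_t len, size_t *hdr_len)
{
    size_t ihl_bytes;

    if (len < 20)                 /* shorter than a minimal IPv4 header */
        return IHL_TRUNCATED;
    if ((pkt[0] >> 4) != 4)       /* version nibble */
        return IHL_BAD_VERSION;
    ihl_bytes = (size_t)(pkt[0] & 0x0f) * 4;   /* ihl counts 32-bit words */
    if (ihl_bytes < 20)           /* ihl < 5 cannot hold the fixed header */
        return IHL_TOO_SMALL;
    if (ihl_bytes > len)          /* header claims to extend past the buffer */
        return IHL_PAST_END;
    *hdr_len = ihl_bytes;
    return IHL_OK;
}

/* Constructed sample headers, not captured traffic; unlisted bytes are zero. */
static const uint8_t good_pkt[24] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 6 };
static const uint8_t opts_cut[24] = { 0x4f, 0, 0, 24, 0, 0, 0, 0, 64, 6 }; /* claims 60 bytes */
static const uint8_t tiny_ihl[20] = { 0x44, 0, 0, 20, 0, 0, 0, 0, 64, 6 }; /* claims 16 bytes */

int main(void)
{
    static const char *names[] = { "ok", "truncated", "bad version", "ihl too small", "ihl past end" };
    size_t h = 0;

    printf("good_pkt: %s\n", names[check_ipv4_ihl(good_pkt, sizeof good_pkt, &h)]);
    printf("opts_cut: %s\n", names[check_ipv4_ihl(opts_cut, sizeof opts_cut, &h)]);
    printf("tiny_ihl: %s\n", names[check_ipv4_ihl(tiny_ihl, sizeof tiny_ihl, &h)]);
    return 0;
}
```

Any code that later uses ihl to locate the transport header should run only after this verdict is IHL_OK, otherwise the offset it computes can point outside the buffer.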