From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 0/4] Netfilter/IPVS fixes for net
Date: Thu, 19 Feb 2015 19:19:16 +0100 [thread overview]
Message-ID: <1424369960-10988-1-git-send-email-pablo@netfilter.org> (raw)
Hi David,
The following patchset contains updates for your net tree, they are:
1) Fix removal of destination in IPVS when the new mixed family support
is used, from Alexey Andriyanov via Simon Horman.
2) Fix module refcount undeflow in nft_compat when reusing a match /
target.
3) Fix iptables-restore when the recent match is used with a new hitcount
that exceeds threshold, from Florian Westphal.
4) Fix stack corruption in xt_socket due to using stack storage to save
the inner IPv6 header, from Eric Dumazet.
I'll follow up soon with another batch with more fixes that are still
cooking.
You can pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Thanks!
----------------------------------------------------------------
The following changes since commit 42b5212fee4f57907e9415b18fe19c13e65574bc:
xen-netback: stop the guest rx thread after a fatal error (2015-02-02 19:39:04 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
for you to fetch changes up to 78296c97ca1fd3b104f12e1f1fbc06c46635990b:
netfilter: xt_socket: fix a stack corruption bug (2015-02-16 17:00:48 +0100)
----------------------------------------------------------------
Alexey Andriyanov (1):
ipvs: fix inability to remove a mixed-family RS
Eric Dumazet (1):
netfilter: xt_socket: fix a stack corruption bug
Florian Westphal (1):
netfilter: xt_recent: don't reject rule if new hitcount exceeds table max
Pablo Neira Ayuso (1):
netfilter: nft_compat: fix module refcount underflow
net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
net/netfilter/nft_compat.c | 12 ++++++++++--
net/netfilter/xt_recent.c | 11 +++++------
net/netfilter/xt_socket.c | 21 ++++++++++++---------
4 files changed, 28 insertions(+), 18 deletions(-)
next reply other threads:[~2015-02-19 18:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-19 18:19 Pablo Neira Ayuso [this message]
2015-02-19 18:19 ` [PATCH 1/4] ipvs: fix inability to remove a mixed-family RS Pablo Neira Ayuso
2015-02-19 18:19 ` [PATCH 2/4] netfilter: nft_compat: fix module refcount underflow Pablo Neira Ayuso
2015-02-19 18:19 ` [PATCH 3/4] netfilter: xt_recent: don't reject rule if new hitcount exceeds table max Pablo Neira Ayuso
2015-02-19 18:19 ` [PATCH 4/4] netfilter: xt_socket: fix a stack corruption bug Pablo Neira Ayuso
2015-02-20 22:36 ` [PATCH 0/4] Netfilter/IPVS fixes for net David Miller
-- strict thread matches above, loose matches on Subject: below --
2019-06-28 17:41 Pablo Neira Ayuso
2019-06-28 20:36 ` David Miller
2015-01-31 20:55 Pablo Neira Ayuso
2015-02-03 3:31 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1424369960-10988-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).