diff options
| author | David S. Miller <davem@davemloft.net> | 2014-10-28 01:47:40 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-10-28 01:47:40 +0300 |
| commit | 5d26b1f50a610fb28700cdc3446590495a5f607c (patch) | |
| tree | f937c9e7f4d0eabeed93dce93a21020c1fb164e5 /net/Kconfig | |
| parent | 93a35f59f1b13a02674877e3efdf07ae47e34052 (diff) | |
| parent | 7965ee93719921ea5978f331da653dfa2d7b99f5 (diff) | |
| download | linux-5d26b1f50a610fb28700cdc3446590495a5f607c.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Allow to recycle a TCP port in conntrack when the change role from
server to client, from Marcelo Leitner.
2) Fix possible off by one access in ip_set_nfnl_get_byindex(), patch
from Dan Carpenter.
3) alloc_percpu returns NULL on error, no need for IS_ERR() in nf_tables
chain statistic updates. From Sabrina Dubroca.
4) Don't compile ip options in bridge netfilter, this mangles the packet
and bridge should not alter layer >= 3 headers when forwarding packets.
Patch from Herbert Xu and tested by Florian Westphal.
5) Account the final NLMSG_DONE message when calculating the size of the
nflog netlink batches. Patch from Florian Westphal.
6) Fix a possible netlink attribute length overflow with large packets.
Again from Florian Westphal.
7) Release the skbuff if nfnetlink_log fails to put the final
NLMSG_DONE message. This fixes a leak on error. This shouldn't ever
happen though, otherwise this means we miscalculate the netlink batch
size, so spot a warning if this ever happens so we can track down the
problem. This patch from Houcheng Lin.
8) Look at the right list when recycling targets in the nft_compat,
patch from Arturo Borrero.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/Kconfig')
0 files changed, 0 insertions, 0 deletions