Message ID | 1422737711-5169-1-git-send-email-pablo@netfilter.org |
---|---|
State | Awaiting Upstream |
Delegated to: | Pablo Neira |
Headers | show |
From: Pablo Neira Ayuso <pablo@netfilter.org> Date: Sat, 31 Jan 2015 21:55:07 +0100 > The following patchset contains Netfilter/IPVS fixes for your net tree, > they are: > > 1) Validate hooks for nf_tables NAT expressions, otherwise users can > crash the kernel when using them from the wrong hook. We already > got one user trapped on this when configuring masquerading. > > 2) Fix a BUG splat in nf_tables with CONFIG_DEBUG_PREEMPT=y. Reported > by Andreas Schultz. > > 3) Avoid unnecessary reroute of traffic in the local input path > in IPVS that triggers a crash in in xfrm. Reported by Florian > Wiessner and fixes by Julian Anastasov. > > 4) Fix memory and module refcount leak from the error path of > nf_tables_newchain(). Pulled, thanks Pablo. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html