mbox

[GIT,PULL,0/1] IPVS Fixes for v4.12

Message ID 1494236923-8015-1-git-send-email-horms@verge.net.au
State Accepted
Delegated to: Pablo Neira
Headers show

Pull-request

http://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v4.12

Message

Simon Horman May 8, 2017, 9:48 a.m. UTC 
Hi Pablo,

please consider this fix to IPVS for v4.12.

* It is a fix from Julian Anastasov to only SNAT SNAT packet replies only for
  NATed connections


My understanding is that this fix is appropriate for 4.9.25, 4.10.13, 4.11
as well as the nf tree. Julian has separately posted backports for other
-stable kernels; please see:

* [PATCH 3.2.88,3.4.113 -stable 1/3] ipvs: SNAT packet replies only for
        NATed connections
* [PATCH 3.10.105,3.12.73,3.16.43,4.1.39 -stable 2/3] ipvs: SNAT packet
        replies only for NATed connections 
* [PATCH 4.4.65 -stable 3/3] ipvs: SNAT packet replies only for NATed
        connections


The following changes since commit f411af6822182f84834c4881b825dd40534e7fe8:

  Merge branch 'ibmvnic-Updated-reset-handler-andcode-fixes' (2017-05-03 11:33:06 -0400)

are available in the git repository at:

  http://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v4.12

for you to fetch changes up to 3c5ab3f395d66a9e4e937fcfdf6ebc63894f028b:

  ipvs: SNAT packet replies only for NATed connections (2017-05-08 11:38:35 +0200)

----------------------------------------------------------------
Julian Anastasov (1):
      ipvs: SNAT packet replies only for NATed connections

 net/netfilter/ipvs/ip_vs_core.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Pablo Neira Ayuso May 15, 2017, 4:45 p.m. UTC | #1 
On Mon, May 08, 2017 at 11:48:42AM +0200, Simon Horman wrote:
> Hi Pablo,
> 
> please consider this fix to IPVS for v4.12.
> 
> * It is a fix from Julian Anastasov to only SNAT SNAT packet replies only for
>   NATed connections
> 
> 
> My understanding is that this fix is appropriate for 4.9.25, 4.10.13, 4.11
> as well as the nf tree. Julian has separately posted backports for other
> -stable kernels; please see:
> 
> * [PATCH 3.2.88,3.4.113 -stable 1/3] ipvs: SNAT packet replies only for
>         NATed connections
> * [PATCH 3.10.105,3.12.73,3.16.43,4.1.39 -stable 2/3] ipvs: SNAT packet
>         replies only for NATed connections 
> * [PATCH 4.4.65 -stable 3/3] ipvs: SNAT packet replies only for NATed
>         connections

Pulled, thanks.

Please, resubmit your stable backport patches once this patch hits
Linus' linux.git tree, Cc: stable@lists.kernel.org, I'll be glad to
ack them.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html