forked from mirrors/linux
a08ce73ba0
Pablo Neira Ayuso says:
====================
Netfilter/IPVS fixes for net
The following patchset contains Netfilter/IPVS fixes for your net tree:
1) Reject non-null terminated helper names from xt_CT, from Gao Feng.
2) Fix KASAN splat due to out-of-bound access from commit phase, from
Alexey Kodanev.
3) Missing conntrack hook registration on IPVS FTP helper, from Julian
Anastasov.
4) Incorrect skbuff allocation size in bridge nft_reject, from Taehee Yoo.
5) Fix inverted check on packet xmit to non-local addresses, also from
Julian.
6) Fix ebtables alignment compat problems, from Alin Nastac.
7) Hook mask checks are not correct in xt_set, from Serhey Popovych.
8) Fix timeout listing of element in ipsets, from Jozsef.
9) Cap maximum timeout value in ipset, also from Jozsef.
10) Don't allow family option for hash:mac sets, from Florent Fourcot.
11) Restrict ebtables to work with NFPROTO_BRIDGE targets only, this
Florian.
12) Another bug reported by KASAN in the rbtree set backend, from
Taehee Yoo.
13) Missing __IPS_MAX_BIT update doesn't include IPS_OFFLOAD_BIT.
From Gao Feng.
14) Missing initialization of match/target in ebtables, from Florian
Westphal.
15) Remove useless nft_dup.h file in include path, from C. Labbe.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|---|---|---|
| .. | ||
| ipset | ||
| nf_conntrack_amanda.h | ||
| nf_conntrack_common.h | ||
| nf_conntrack_dccp.h | ||
| nf_conntrack_ftp.h | ||
| nf_conntrack_h323.h | ||
| nf_conntrack_h323_asn1.h | ||
| nf_conntrack_h323_types.h | ||
| nf_conntrack_irc.h | ||
| nf_conntrack_pptp.h | ||
| nf_conntrack_proto_gre.h | ||
| nf_conntrack_sane.h | ||
| nf_conntrack_sctp.h | ||
| nf_conntrack_sip.h | ||
| nf_conntrack_snmp.h | ||
| nf_conntrack_tcp.h | ||
| nf_conntrack_tftp.h | ||
| nf_conntrack_zones_common.h | ||
| nf_osf.h | ||
| nfnetlink.h | ||
| nfnetlink_acct.h | ||
| x_tables.h | ||
| xt_hashlimit.h | ||
| xt_physdev.h | ||