Netdev Archive on lore.kernel.org
 help / Atom feed
* [PATCH 0/2] Netfilter fixes for net
@ 2019-02-11 16:53 Pablo Neira Ayuso
  2019-02-11 16:53 ` [PATCH 1/2] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs Pablo Neira Ayuso
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2019-02-11 16:53 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev

Hi David,

The following patchset contains Netfilter fixes for net:

1) Out-of-bound access to packet data from the snmp nat helper,
   from Jann Horn.

2) ICMP(v6) error packets are set as related traffic by conntrack,
   update protocol number before calling nf_nat_ipv4_manip_pkt()
   to use ICMP(v6) rather than the original protocol number,
   from Florian Westphal.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git

Thanks!

----------------------------------------------------------------

The following changes since commit 31b58ad0c3279817cd246eab27eaf53b626dfcde:

  Merge branch 'r8169-revert-two-commits-due-to-a-regression' (2019-02-10 12:54:49 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD

for you to fetch changes up to 8303b7e8f018724a2cd7752eb29c2801fa8c4067:

  netfilter: nat: fix spurious connection timeouts (2019-02-11 17:43:17 +0100)

----------------------------------------------------------------
Florian Westphal (1):
      netfilter: nat: fix spurious connection timeouts

Jann Horn (1):
      netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs

 net/ipv4/netfilter/nf_nat_l3proto_ipv4.c    | 1 +
 net/ipv4/netfilter/nf_nat_snmp_basic_main.c | 7 ++++++-
 net/ipv6/netfilter/nf_nat_l3proto_ipv6.c    | 1 +
 3 files changed, 8 insertions(+), 1 deletion(-)

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-11 16:53 [PATCH 0/2] Netfilter fixes for net Pablo Neira Ayuso
2019-02-11 16:53 ` [PATCH 1/2] netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs Pablo Neira Ayuso
2019-02-11 16:53 ` [PATCH 2/2] netfilter: nat: fix spurious connection timeouts Pablo Neira Ayuso
2019-02-11 18:43 ` [PATCH 0/2] Netfilter fixes for net David Miller

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org netdev@archiver.kernel.org
	public-inbox-index netdev


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/ public-inbox