Date:	Tue, 10 Apr 2012 14:48:56 +0200
From:	pablo@...filter.org
To:	netfilter-devel@...r.kernel.org
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: [PATCH 0/5] netfilter fixes for 3.4-rc2

From: Pablo Neira Ayuso <pablo@...filter.org>

Hi David,

The following patchset includes netfilter fixes for 3.4-rc2. They are:

* A couple of fixes for the IPv4 connection tracker from Jozsef. One
  to behave consistently with IPv6 and to follow the conntrack policy
  (i.e. don't drop, the user controls what to do by dropping invalid
  packets via iptables). The other one checks for invalid IPv4 ihl
  values that go beyond the packet boundary.

* Fix missing ip6t_ext_hdr symbol if xt_LOG is compiled built-in
  and ip6tables as a module, by myself.

* One fix for the error path of nf_conntrack_init_net introduced by
  the recently added nf_conntrack_timeout infrastructure from Gao Feng.

* We don't want to scale the window twice for picked-up connections in
  the nf_ct_tcp code, from Changli Gao.

You can pull these changes from:

git://1984.lsi.us.es/net master

Changli Gao (1):
  netfilter: nf_ct_tcp: don't scale the size of the window up twice

Gao feng (1):
  netfilter: nf_conntrack: fix incorrect logic in nf_conntrack_init_net

Jozsef Kadlecsik (2):
  netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently
  netfilter: nf_ct_ipv4: packets with wrong ihl are invalid

Pablo Neira Ayuso (1):
  netfilter: ip6_tables: ip6t_ext_hdr is now static inline

 include/linux/netfilter_ipv6/ip6_tables.h      |   12 +++++++++++-
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |   12 ++++++++++--
 net/ipv6/netfilter/ip6_tables.c                |   14 --------------
 net/netfilter/nf_conntrack_core.c              |    2 +-
 net/netfilter/nf_conntrack_proto_tcp.c         |    4 ++--
 5 files changed, 24 insertions(+), 20 deletions(-)

-- 
1.7.2.5
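
The two IPv4 conntrack items in the summary above (report a malformed header as invalid rather than dropping it, and reject an ihl that reaches past the packet boundary) can be illustrated with a user-space sketch. This is an added example, not code from the patchset or the kernel; the names l3_result, ipv4_l4_offset and check_sample are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this sketch (not kernel constants). */
enum l3_result { L3_OK = 0, L3_INVALID = 1 };

/*
 * Locate the layer-4 header of an IPv4 packet held in buf[0..len).
 * On success stores the L4 offset and protocol number and returns L3_OK.
 * Returns L3_INVALID (there is no "drop" result) when the header cannot
 * be trusted, so the caller leaves the packet untracked and the ruleset
 * decides what happens to it.
 */
enum l3_result ipv4_l4_offset(const uint8_t *buf, size_t len,
                              size_t *dataoff, uint8_t *protonum)
{
    size_t hdrlen;

    if (len < 20)                    /* shorter than a minimal IPv4 header */
        return L3_INVALID;
    if ((buf[0] >> 4) != 4)          /* version nibble must be 4 */
        return L3_INVALID;

    hdrlen = (size_t)(buf[0] & 0x0f) * 4;  /* ihl counts 32-bit words */
    if (hdrlen < 20)                 /* ihl below 5 is never legal */
        return L3_INVALID;
    if (hdrlen > len)                /* header claims to run past the packet */
        return L3_INVALID;

    *dataoff = hdrlen;
    *protonum = buf[9];              /* protocol field */
    return L3_OK;
}

/* Constructed sample: zeroed packet with the given ihl, len bytes captured
 * (len must be <= 64). Returns the L4 offset, or -1 if classed invalid. */
int check_sample(uint8_t ihl, size_t len)
{
    uint8_t pkt[64] = {0};
    size_t off = 0;
    uint8_t proto = 0;

    pkt[0] = (uint8_t)(0x40 | (ihl & 0x0f));
    pkt[9] = 6;                      /* TCP */
    if (ipv4_l4_offset(pkt, len, &off, &proto) != L3_OK)
        return -1;
    return (int)off;
}
```
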
