summaryrefslogtreecommitdiff
path: root/net/ipv4/ip_output.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2014-10-20 11:57:47 -0400
committerDavid S. Miller <davem@davemloft.net>2014-10-20 11:57:47 -0400
commitce8ec4896749783bd6cdc457e6012cfc18e09c8b (patch)
tree3d58d88f4e4030ddf0f926ac2ef52c3ee2c9f65a /net/ipv4/ip_output.c
parent95ff88688781db2f64042e69bd499e518bbb36e5 (diff)
parent1e2d56a5d33a7e1fcd21ed3859f52596d02708b0 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== netfilter fixes for net The following patchset contains netfilter fixes for your net tree, they are: 1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules. 2) Restrict nat and masq expressions to the nat chain type. Otherwise, users may crash their kernel if they attach a nat/masq rule to a non nat chain. 3) Fix hook validation in nft_compat when non-base chains are used. Basically, initialize hook_mask to zero. 4) Make sure you use match/targets in nft_compat from the right chain type. The existing validation relies on the table name which can be avoided by 5) Better netlink attribute validation in nft_nat. This expression has to reject the configuration when no address and proto configurations are specified. 6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set. Yet another sanity check to reject incorrect configurations from userspace. 7) Conditional NAT attribute dumping depending on the existing configuration. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_output.c')
0 files changed, 0 insertions, 0 deletions