Mailing List Archive: iptables: Devel

[NETFILTER 00/03]: Netfilter fixes

Index | Next | Previous | View Threaded

kaber at trash

Jan 24, 2007, 4:21 PM

Post #1 of 8 (1393 views)
Permalink

[NETFILTER 00/03]: Netfilter fixes

Hi Dave,

following are three netfilter fixes for 2.6.20, fixing a problem with ICMP
translation in the new nf_nat code and two bugs in the new PPTP helper port
breaking NAT of PPTP connections.

Please apply, thanks.

net/ipv4/netfilter/Makefile | 20 ++++++++++----------
net/ipv4/netfilter/nf_nat_pptp.c | 4 ++--
net/netfilter/nf_conntrack_pptp.c | 2 +-
3 files changed, 13 insertions(+), 13 deletions(-)

Patrick McHardy:
[NETFILTER]: nf_nat: fix ICMP translation with statically linked conntrack
[NETFILTER]: nf_nat_pptp: fix expectation removal
[NETFILTER]: nf_conntrack_pptp: fix NAT setup of expected GRE connections

davem at davemloft

Jan 26, 2007, 1:08 AM

Post #2 of 8 (1348 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

From: Patrick McHardy <kaber [at] trash>
Date: Thu, 25 Jan 2007 01:21:56 +0100 (MET)

> following are three netfilter fixes for 2.6.20, fixing a problem with ICMP
> translation in the new nf_nat code and two bugs in the new PPTP helper port
> breaking NAT of PPTP connections.
>
> Please apply, thanks.

All applied, thanks a lot Patrick.

mysql.jorge at decimal

Jan 26, 2007, 6:50 AM

Post #3 of 8 (1340 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

David,
I have kernel 2.6.20-rc6 and i can't make pptp connections, only 2.6.20-rc5
with the patch patrick provided me.
In wich version did you apply this?

Jorge

----- Original Message -----
From: "David Miller" <davem [at] davemloft>
To: <kaber [at] trash>
Cc: <netfilter-devel [at] lists>
Sent: Friday, January 26, 2007 9:08 AM
Subject: Re: [NETFILTER 00/03]: Netfilter fixes

> From: Patrick McHardy <kaber [at] trash>
> Date: Thu, 25 Jan 2007 01:21:56 +0100 (MET)
>
>> following are three netfilter fixes for 2.6.20, fixing a problem with
>> ICMP
>> translation in the new nf_nat code and two bugs in the new PPTP helper
>> port
>> breaking NAT of PPTP connections.
>>
>> Please apply, thanks.
>
> All applied, thanks a lot Patrick.
>
>

kaber at trash

Jan 30, 2007, 10:16 AM

Post #4 of 8 (1328 views)
Permalink

[NETFILTER 00/03]: Netfilter fixes [In reply to]

Hi Dave,

following are a few more netfilter fixes for 2.6.20, fixing a division
by zero in the connbytes match (I will pass this one on to -stable as
well) and two problems with the SIP conntrack helper.

Please apply, thanks.

net/ipv4/netfilter/ip_conntrack_sip.c | 10 ++++++++--
net/netfilter/nf_conntrack_sip.c | 10 ++++++++--
net/netfilter/xt_connbytes.c | 29 ++++++++++++-----------------
3 files changed, 28 insertions(+), 21 deletions(-)

Lars Immisch:
[NETFILTER]: SIP conntrack: fix skipping over user info in SIP headers

Patrick McHardy:
[NETFILTER]: xt_connbytes: fix division by zero
[NETFILTER]: SIP conntrack: fix out of bounds memory access

davem at davemloft

Jan 30, 2007, 2:25 PM

Post #5 of 8 (1351 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

From: Patrick McHardy <kaber [at] trash>
Date: Tue, 30 Jan 2007 19:16:27 +0100 (MET)

> Hi Dave,
>
> following are a few more netfilter fixes for 2.6.20, fixing a division
> by zero in the connbytes match (I will pass this one on to -stable as
> well) and two problems with the SIP conntrack helper.
>
> Please apply, thanks.

I sucked these all in, please push that one to -stable, thanks.

davem at davemloft

Mar 6, 2007, 8:25 PM

Post #6 of 8 (1270 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

From: Patrick McHardy <kaber [at] trash>
Date: Tue, 6 Mar 2007 08:44:01 +0100 (MET)

> Hi Dave,
>
> following are three more patches for some nasty netfilter bugs, fixing incorrect
> conntrack classification of IPv6 fragments, a crash in nfnetlink_log with briding
> and a missing terminating zero-byte in the nfnetlink_log prefix message.
>
> Please apply, thanks.

All 3 patches applied, thank you.

davem at davemloft

Aug 7, 2007, 6:12 PM

Post #7 of 8 (1138 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

From: Patrick McHardy <kaber [at] trash>
Date: Mon, 6 Aug 2007 15:29:03 +0200 (MEST)

> these patches fix a few netfilter bugs: failure to load IPv4 connection tracking
> when loading the NAT module, an invalid return code in ctnetlink and a possible
> NULL pointer dereference in ipt_recent. I'll pass the NULL pointer fix to
> -stable once its upstream.
>
> Please apply, thanks.

Applied, thanks Patrick.

I really wish those dependencies could be worked out in a nicer
way than calling NULL functions in the needed module.

kaber at trash

Aug 8, 2007, 6:58 AM

Post #8 of 8 (1141 views)
Permalink

Re: [NETFILTER 00/03]: Netfilter fixes [In reply to]

David Miller wrote:
> From: Patrick McHardy <kaber [at] trash>
> Date: Mon, 6 Aug 2007 15:29:03 +0200 (MEST)
>
>
>> these patches fix a few netfilter bugs: failure to load IPv4 connection tracking
>> when loading the NAT module, an invalid return code in ctnetlink and a possible
>> NULL pointer dereference in ipt_recent. I'll pass the NULL pointer fix to
>> -stable once its upstream.
>>
>> Please apply, thanks.
>>
>
> Applied, thanks Patrick.
>
> I really wish those dependencies could be worked out in a nicer
> way than calling NULL functions in the needed module.
>

Its not very pretty, I agree. In this case we could have used
indirect dependencies and request_module, but I actually prefer
the symbol dependency because its visible in lsmod, which makes
it easier to figure out what needs to be unloaded first to
remove a module.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads