netfilter: bridge: prevent UAF in brnf_exit_net() [Linux 5.3]

This Linux kernel change "netfilter: bridge: prevent UAF in brnf_exit_net()" is included in the Linux 5.3 release. This change is authored by Christian Brauner <christian [at] brauner.io> on Wed Jun 19 19:05:47 2019 +0200. The commit for this change in Linux stable tree is 7e6daf5 (patch). netfilter: bridge: prevent UAF in brnf_exit_net() Prevent a UAF […]

netfilter: synproxy: use nf_cookie_v6_check() from core [Linux 5.3]

This Linux kernel change "netfilter: synproxy: use nf_cookie_v6_check() from core" is included in the Linux 5.3 release. This change is authored by Pablo Neira Ayuso <pablo [at] netfilter.org> on Wed Jun 19 18:30:37 2019 +0200. The commit for this change in Linux stable tree is 22f2efd (patch). netfilter: synproxy: use nf_cookie_v6_check() from core This helper […]

netfilter: synproxy: fix building syncookie calls [Linux 5.3]

This Linux kernel change "netfilter: synproxy: fix building syncookie calls" is included in the Linux 5.3 release. This change is authored by Arnd Bergmann <arnd [at] arndb.de> on Wed Jun 19 14:54:36 2019 +0200. The commit for this change in Linux stable tree is 8527fa6 (patch). netfilter: synproxy: fix building syncookie calls When either CONFIG_IPV6 […]

netfilter: nf_tables: enable set expiration time for set elements [Linux 5.3]

This Linux kernel change "netfilter: nf_tables: enable set expiration time for set elements" is included in the Linux 5.3 release. This change is authored by Laura Garcia Liebana <nevola [at] gmail.com> on Tue Jun 18 11:11:02 2019 +0200. The commit for this change in Linux stable tree is 79ebb5b (patch). netfilter: nf_tables: enable set expiration […]

netfilter: nft_ct: fix null pointer in ct expectations support [Linux 5.3]

This Linux kernel change "netfilter: nft_ct: fix null pointer in ct expectations support" is included in the Linux 5.3 release. This change is authored by Stéphane Veyret <sveyret [at] gmail.com> on Wed Jun 19 09:03:14 2019 +0200. The commit for this change in Linux stable tree is 2f0513d (patch). netfilter: nft_ct: fix null pointer in […]

netfilter: synproxy: ensure zero is returned on non-error return path [Linux 5.3]

This Linux kernel change "netfilter: synproxy: ensure zero is returned on non-error return path" is included in the Linux 5.3 release. This change is authored by Colin Ian King <colin.king [at] canonical.com> on Tue Jun 18 15:22:44 2019 +0100. The commit for this change in Linux stable tree is 72c5e11 (patch). netfilter: synproxy: ensure zero […]

netfilter: synproxy: extract SYNPROXY infrastructure from {ipt, ip6t}_SYNPROXY [Linux 5.3]

This Linux kernel change "netfilter: synproxy: extract SYNPROXY infrastructure from {ipt, ip6t}_SYNPROXY" is included in the Linux 5.3 release. This change is authored by Fernando Fernandez Mancera <ffmancera [at] riseup.net> on Fri Jun 7 02:36:07 2019 +0200. The commit for this change in Linux stable tree is d7f9b2f (patch). netfilter: synproxy: extract SYNPROXY infrastructure from […]

netfilter: synproxy: remove module dependency on IPv6 SYNPROXY [Linux 5.3]

This Linux kernel change "netfilter: synproxy: remove module dependency on IPv6 SYNPROXY" is included in the Linux 5.3 release. This change is authored by Fernando Fernandez Mancera <ffmancera [at] riseup.net> on Fri Jun 7 02:36:05 2019 +0200. The commit for this change in Linux stable tree is 3006a52 (patch). netfilter: synproxy: remove module dependency on […]

netfilter: synproxy: add common uapi for SYNPROXY infrastructure [Linux 5.3]

This Linux kernel change "netfilter: synproxy: add common uapi for SYNPROXY infrastructure" is included in the Linux 5.3 release. This change is authored by Fernando Fernandez Mancera <ffmancera [at] riseup.net> on Fri Jun 7 02:36:02 2019 +0200. The commit for this change in Linux stable tree is 5fcc88e (patch). netfilter: synproxy: add common uapi for […]

netfilter: bridge: namespace bridge netfilter sysctls [Linux 5.3]

This Linux kernel change "netfilter: bridge: namespace bridge netfilter sysctls" is included in the Linux 5.3 release. This change is authored by Christian Brauner <christian [at] brauner.io> on Mon Jun 10 23:26:06 2019 +0200. The commit for this change in Linux stable tree is 2256759 (patch). netfilter: bridge: namespace bridge netfilter sysctls Currently, the /proc/sys/net/bridge […]

netfilter: bridge: port sysctls to use brnf_net [Linux 5.3]

This Linux kernel change "netfilter: bridge: port sysctls to use brnf_net" is included in the Linux 5.3 release. This change is authored by Christian Brauner <christian [at] brauner.io> on Mon Jun 10 23:26:05 2019 +0200. The commit for this change in Linux stable tree is ff6d090 (patch). netfilter: bridge: port sysctls to use brnf_net This […]

netfilter: xt_owner: bail out with EINVAL in case of unsupported flags [Linux 5.3]

This Linux kernel change "netfilter: xt_owner: bail out with EINVAL in case of unsupported flags" is included in the Linux 5.3 release. This change is authored by Pablo Neira Ayuso <pablo [at] netfilter.org> on Fri Jun 7 16:37:30 2019 +0200. The commit for this change in Linux stable tree is 9911c11 (patch). netfilter: xt_owner: bail […]

netfilter: conntrack: small conntrack lookup optimization [Linux 5.3]

This Linux kernel change "netfilter: conntrack: small conntrack lookup optimization" is included in the Linux 5.3 release. This change is authored by Florian Westphal <fw [at] strlen.de> on Tue Jun 4 14:14:04 2019 +0200. The commit for this change in Linux stable tree is 87e389b (patch). netfilter: conntrack: small conntrack lookup optimization ____nf_conntrack_find() performs checks […]

netfilter: nft_ct: add ct expectations support [Linux 5.3]

This Linux kernel change "netfilter: nft_ct: add ct expectations support" is included in the Linux 5.3 release. This change is authored by Stéphane Veyret <sveyret [at] gmail.com> on Sat May 25 15:30:58 2019 +0200. The commit for this change in Linux stable tree is 857b460 (patch). netfilter: nft_ct: add ct expectations support This patch allows […]

netfilter: ipset: Fix error path in set_target_v3_checkentry() [Linux 5.3]

This Linux kernel change "netfilter: ipset: Fix error path in set_target_v3_checkentry()" is included in the Linux 5.3 release. This change is authored by Jozsef Kadlecsik <kadlec [at] blackhole.kfki.hu> on Mon Jun 10 12:58:26 2019 +0200. The commit for this change in Linux stable tree is b1732e1 (patch). netfilter: ipset: Fix error path in set_target_v3_checkentry() Fix […]

netfilter: ipset: Fix the last missing check of nla_parse_deprecated() [Linux 5.3]

This Linux kernel change "netfilter: ipset: Fix the last missing check of nla_parse_deprecated()" is included in the Linux 5.3 release. This change is authored by Jozsef Kadlecsik <kadlec [at] blackhole.kfki.hu> on Mon Jun 10 12:50:00 2019 +0200. The commit for this change in Linux stable tree is 13c6ba1 (patch). netfilter: ipset: Fix the last missing […]

netfilter: ipset: fix a missing check of nla_parse [Linux 5.3]

This Linux kernel change "netfilter: ipset: fix a missing check of nla_parse" is included in the Linux 5.3 release. This change is authored by Aditya Pakki <pakki001 [at] umn.edu> on Mon Jun 10 12:47:37 2019 +0200. The commit for this change in Linux stable tree is f4f5748 (patch). netfilter: ipset: fix a missing check of […]

netfilter: ipset: merge uadd and udel functions [Linux 5.3]

This Linux kernel change "netfilter: ipset: merge uadd and udel functions" is included in the Linux 5.3 release. This change is authored by Florent Fourcot <florent.fourcot [at] wifirst.fr> on Mon Jun 10 12:42:56 2019 +0200. The commit for this change in Linux stable tree is f0cb839 (patch). netfilter: ipset: merge uadd and udel functions Both […]

netfilter: ipset: remove useless memset() calls [Linux 5.3]

This Linux kernel change "netfilter: ipset: remove useless memset() calls" is included in the Linux 5.3 release. This change is authored by Florent Fourcot <florent.fourcot [at] wifirst.fr> on Mon Jun 10 12:28:58 2019 +0200. The commit for this change in Linux stable tree is 24c509b (patch). netfilter: ipset: remove useless memset() calls One of the […]

netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather [Linux 5.3]

This Linux kernel change "netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather" is included in the Linux 5.3 release. This change is authored by wenxu <wenxu [at] ucloud.cn> on Sun Jun 2 21:49:26 2019 +0800. The commit for this change in Linux stable tree is 16e6427 (patch). netfilter: ipv6: Fix undefined symbol nf_ct_frag6_gather CONFIG_NETFILTER=m and CONFIG_NF_DEFRAG_IPV6 is […]