From: David S. Miller Date: Wed, 10 Aug 2016 21:54:27 +0000 (-0700) Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf X-Git-Tag: v4.9.8~1493^2~28 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=293fddff20cd6d1adf2bd59cda1f5b5e7199104a;p=platform%2Fkernel%2Flinux-rpi3.git Merge git://git./pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for your net tree, they are: 1) Use mod_timer_pending() to avoid reactivating a dead expectation in the h323 conntrack helper, from Liping Zhang. 2) Oneliner to fix a type in the register name defined in the nf_tables header. 3) Don't try to look further when we find an inactive elements with no descendants in the rbtree set implementation, otherwise we crash. 4) Handle valid zero CSeq in the SIP conntrack helper, from Christophe Leroy. 5) Don't display a trailing slash in conntrack helper with no classes via /proc/net/nf_conntrack_expect, from Liping Zhang. 6) Fix an expectation leak during creation from the nfqueue path, again from Liping Zhang. 7) Validate netlink port ID in verdict message from nfqueue, otherwise an injection can be possible. Again from Zhang. 8) Reject conntrack tuples with different transport protocol on original and reply tuples, also from Zhang. 9) Validate offset and length in nft_exthdr, make sure they are under sizeof(u8), from Laura Garcia Liebana. ==================== Signed-off-by: David S. Miller --- 293fddff20cd6d1adf2bd59cda1f5b5e7199104a