From: David S. Miller <davem@davemloft.net>
Date: Thu, 24 Aug 2017 18:49:19 +0000 (-0700)
Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
X-Git-Tag: v4.13~9^2~45
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=af57d2b720252baca5421ec58628da626e1862dc;p=linux.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Fix use after free of struct proc_dir_entry in ipt_CLUSTERIP, patch
   from Sabrina Dubroca.

2) Fix spurious EINVAL errors from iptables over nft compatibility layer.

3) Reload pointer to ip header only if there is non-terminal verdict,
   ie. XT_CONTINUE, otherwise invalid memory access may happen, patch
   from Taehee Yoo.

4) Fix interaction between SYNPROXY and NAT, SYNPROXY adds sequence
   adjustment already, however from nf_nat_setup() assumes there's not.
   Patch from Xin Long.

5) Fix burst arithmetics in nft_limit as Joe Stringer mentioned during
   NFWS in Faro. Patch from Andy Zhou.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
---

af57d2b720252baca5421ec58628da626e1862dc