Hello!
I would like to write a netfilter module to modify packets going in
and out of my machine (TCP/IP headers, maybe content) after some
analysis of the packet. For this, I wanted to extend nftables with new
matches or targets that control this modification behavior. I've
looked around some, bu

Baozeng Ding reported a KASAN stack out of bounds issue - it uncovered that
the TCP option parsing routines in netfilter TCP connection tracking could
read one byte out of the buffer of the TCP options. Therefore in the patch
we check that the available data length is large enough to parse both TC

Hi Pablo,
Please consider applying the next patch for the stable branches. It fixes
a one byte read after the buffer issue discovered by Baozeng Ding.
The following changes since commit 29421198c3a860092e27c2ad8499dfe603398817:

  netfilter: ipv4: fix NULL dereference (2016-03-28 17:59:29 +0200)