Re: [PATCH 3.19 176/177] netfilter: x_tables: fix cgroup matching on non-full sks

From: Pablo Neira Ayuso
Date: Mon May 04 2015 - 04:42:45 EST


On Sun, May 03, 2015 at 11:20:26PM +0200, Daniel Borkmann wrote:
> >>In order to fix it, you also need to add:
> >>
> >> From 1d0ab253872cdd3d8e7913f59c266c7fd01771d0 Mon Sep 17 00:00:00 2001
> >>From: Eric Dumazet <edumazet@xxxxxxxxxx>
> >>Date: Sun, 15 Mar 2015 21:12:12 -0700
> >>Subject: [PATCH] net: add sk_fullsock() helper
> >>
> >>which in turn needs this one:
> >>
> >> From 10feb428a5045d5eb18a5d755fbb8f0cc9645626 Mon Sep 17 00:00:00 2001
> >>From: Eric Dumazet <edumazet@xxxxxxxxxx>
> >>Date: Thu, 12 Mar 2015 16:44:04 -0700
> >>Subject: [PATCH] inet: add TCP_NEW_SYN_RECV state
> >
> >I've just dropped the patch, thanks for letting me know, odd that my
> >build tests missed it.
>
> If you're nevertheless interested in this fix, you could use this version,
> which should apply/build just fine:
>
> http://patchwork.ozlabs.org/patch/455546/
>
> I believe Pablo usually sends netfilter patches in bundles to you.

Yes, I keep an internal queue netfilter patches that I consider
important to go to -stable.

I think it's better if anyone willing to get some netfilter related
patch into -stable just point that to me so I take care of it. At
least that should add one extra filter step to make sure things don't
break in this process.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/