From: David S. Miller <davem@davemloft.net>
Date: Mon, 20 Oct 2014 15:57:47 +0000 (-0400)
Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
X-Git-Tag: v3.18-rc3~17^2~58
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=ce8ec4896749783bd6cdc457e6012cfc18e09c8b;p=~emulex%2Finfiniband.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
netfilter fixes for net

The following patchset contains netfilter fixes for your net tree,
they are:

1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules.

2) Restrict nat and masq expressions to the nat chain type. Otherwise,
   users may crash their kernel if they attach a nat/masq rule to a non
   nat chain.

3) Fix hook validation in nft_compat when non-base chains are used.
   Basically, initialize hook_mask to zero.

4) Make sure you use match/targets in nft_compat from the right chain
   type. The existing validation relies on the table name which can be
   avoided by

5) Better netlink attribute validation in nft_nat. This expression has
   to reject the configuration when no address and proto configurations
   are specified.

6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set.
   Yet another sanity check to reject incorrect configurations from
   userspace.

7) Conditional NAT attribute dumping depending on the existing
   configuration.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
---

ce8ec4896749783bd6cdc457e6012cfc18e09c8b