Re: Request for -stable inclusion (xt_TCPMSS)

[David Miller]

From: Guillaume Nault 
Date: Fri, 16 Jun 2017 09:45:17 +0200

> Hi David,
> 
> Please queue 2638fd0f92d4 ("netfilter: xt_TCPMSS: add more sanity tests on 
> tcph->doff")
> for -stable.
> It fixes hard to debug crashes in production, that can be triggered by
> remote peers.

Pablo handles netfilter -stable submissions, so please ask him.

Thank you.

Re: Request for -stable inclusion (xt_TCPMSS)

[Guillaume Nault]

On Fri, Jun 16, 2017 at 11:59:12AM +0200, Pablo Neira Ayuso wrote:
> Hi Guillaume,
> 
> On Fri, Jun 16, 2017 at 09:45:17AM +0200, Guillaume Nault wrote:
> > Hi David,
> > 
> > Please queue 2638fd0f92d4 ("netfilter: xt_TCPMSS: add more sanity tests on 
> > tcph->doff")
> > for -stable.
> > It fixes hard to debug crashes in production, that can be triggered by
> > remote peers.
> 
> What stable kernels you want this in? Does this apply cleanly to them
> all?
> 
I need it (and reviewed/tested it) for 4.9. But the patch applies
cleanly and looks necessary for all stable versions >= 3.16 (not
tested though).

> I can route this for you directly to sta...@vger.kernel.org once we
> sort out these questions.
> 
> Thanks!
Great, thanks Pablo. But do you mean I should have Cc-ed
sta...@vger.kernel.org directly?

Re: Request for -stable inclusion (xt_TCPMSS)

[Pablo Neira Ayuso]

Hi Guillaume,

On Fri, Jun 16, 2017 at 09:45:17AM +0200, Guillaume Nault wrote:
> Hi David,
> 
> Please queue 2638fd0f92d4 ("netfilter: xt_TCPMSS: add more sanity tests on 
> tcph->doff")
> for -stable.
> It fixes hard to debug crashes in production, that can be triggered by
> remote peers.

What stable kernels you want this in? Does this apply cleanly to them
all?

I can route this for you directly to sta...@vger.kernel.org once we
sort out these questions.

Thanks!