Hi Pablo,
> The following patchset contains Netfilter/IPVS updates for your net-next
> tree. This batch comes with more input sanitization for xtables to
> address bug reports from fuzzers, preparation works to the flowtable
> infrastructure and assorted updates. In no particular order, they are:
On Fri, Mar 30, 2018 at 11:50:33AM +0200, Pablo Neira Ayuso wrote:
>
> On Wed, Mar 21, 2018 at 03:42:14PM +1300, Bernie Harris wrote:
> > The xt_string module uses skb_find_text to match a pattern
> > against packet data. The current behaviour is that the offsets
> > are used as the range in which
Pablo Neira Ayuso wrote:
> On Sun, Apr 01, 2018 at 12:47:47AM +0200, Florian Westphal wrote:
> > this makes following failing test case work:
> > ip6 dscp vmap { 0x04, ..
> >
> > problem was that the 6bit dscp value spans a byte boundary,
> > so payload postprocessing increases the size to a 2
