Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
disable_test.patch | disable test which cannot be run stand-alone The 'test_filter' test requires an external source of CT events and blocks till these arrive. |
Jeremy Sowden <jeremy@azazel.net> | not-needed | 2022-04-09 | ||
l4proto_map_length_fix.patch | increase the length of `l4proto_map` . With addition of MPTCP `IPPROTO_MAX` is greater than 256, so the array needs to be extended to account for the new upper bound. |
Jeremy Sowden <jeremy@azazel.net> | yes | 2022-12-23 | ||
big-endian_bpf_fix.patch | fix BPF code for filtering on big-endian architectures. . The BPF for checking the subsystem ID looks for it in the righthand byte of `nlh->nlmsg_type`. However, it will only be there on little-endian archi- tectures. The result is that on big-endian architectures the subsystem ID doesn't match, all packets are immediately accepted, and all filters are ignored. |
Jeremy Sowden <jeremy@azazel.net> | yes | 2022-12-23 | ||
ipv6-address-filter-bpf-fix.patch | fix BPF for filtering IPv6 addresses . Each address in the filter is matched one 32-bit word at a time. If any of the first three words don't match, we jump to the end of the filter. If the last word does match, we jump to the end of the filter. However, this is not right: it means that if any of the first three words of an address don't match, all subsequent addresses will be skipped. Instead, jump to the next address. |
Jeremy Sowden <jeremy@azazel.net> | yes | debian upstream | 2023-09-03 |