diff -aurp open-iscsi-2.0-872-rc4-bnx2i/usr/io.c open-iscsi-2.0-872-rc4-bnx2i.fix/usr/io.c
--- open-iscsi-2.0-872-rc4-bnx2i/usr/io.c 2011-04-02 01:40:02.000000000 -0500
+++ open-iscsi-2.0-872-rc4-bnx2i.fix/usr/io.c 2011-04-02 05:23:15.000000000 -0500
@@ -296,6 +296,9 @@ static int bind_conn_to_iface(iscsi_conn
 {
 struct iscsi_session *session = conn->session;
+ if (strcmp(iface->transport_name, DEFAULT_TRANSPORT))
+ return 0;
+ memset(session->netdev, 0, IFNAMSIZ);
 if (iface_is_bound_by_hwaddr(iface) && net_get_netdev_from_hwaddress(iface->hwaddress, session->netdev)) {
@@ -467,7 +470,7 @@ iscsi_io_tcp_poll(iscsi_conn_t *conn, in
 }
 len = sizeof(ss);
- if (log_level > 0 || !conn->session->netdev)
+ if (log_level > 0 || !conn->session->netdev[0])
 rc = getsockname(conn->socket_fd, (struct sockaddr *)&ss, &len);
 if (log_level > 0 && rc >= 0) {
 getnameinfo((struct sockaddr *) &conn->saddr,
diff -aurp open-iscsi-2.0-872-rc4-bnx2i/usr/iscsi_err.c open-iscsi-2.0-872-rc4-bnx2i.fix/usr/iscsi_err.c
--- open-iscsi-2.0-872-rc4-bnx2i/usr/iscsi_err.c 2011-04-02 01:40:02.000000000 -0500
+++ open-iscsi-2.0-872-rc4-bnx2i.fix/usr/iscsi_err.c 2011-04-02 05:22:51.000000000 -0500
@@ -44,7 +44,7 @@ static char *iscsi_err_msgs[] = {
 /* 19 */ "encountered non-retryable iSCSI login failure",
 /* 20 */ "could not connect to iscsid",
 /* 21 */ "no objects found",
- /* 23 */ "sysfs lookup failure",
+ /* 22 */ "sysfs lookup failure",
 /* 23 */ "host not found",
 /* 24 */ "iSCSI login failed due to authorization failure",
 /* 25 */ "iSNS query failed",
diff -aurp open-iscsi-2.0-872-rc4-bnx2i/usr/netlink.c open-iscsi-2.0-872-rc4-bnx2i.fix/usr/netlink.c
--- open-iscsi-2.0-872-rc4-bnx2i/usr/netlink.c 2011-04-02 01:40:02.000000000 -0500
+++ open-iscsi-2.0-872-rc4-bnx2i.fix/usr/netlink.c 2011-04-02 05:23:10.000000000 -0500
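Review bot: The new early return in bind_conn_to_iface tests the raw `strcmp()` result for truthiness and carries no comment, so at a glance it reads as "if the transport is the default" when it means the opposite. I would write `if (strcmp(iface->transport_name, DEFAULT_TRANSPORT) != 0)` and put a comment above it such as `/* netdev binding is only done for the default transport; other transports skip it */`. Returning 0 here also reports success to the caller without running the hwaddress/netdev lookup below it, so if that bypass is intentional for non-default transports the comment should say why. The function body continues outside the hunk.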
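Review bot: With `!conn->session->netdev[0]` the getsockname() call in iscsi_io_tcp_poll can now run at log_level 0, yet the only visible check of `rc` is inside the `log_level > 0` branch. The old test on `netdev` itself (apparently an array, given the `memset(..., IFNAMSIZ)` in the previous hunk) could never be true, so this path is newly reachable. Whatever consumes `ss` after this point, outside the hunk, should test `rc < 0` first so a failed getsockname() does not leave `ss` unset on that path. A one-line comment such as `/* netdev is an array: test its first byte, not its address */` would stop the condition from being simplified back.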
@@ -53,15 +53,15 @@ static struct iscsi_ipc_ev_clbk *ipc_ev_
 static int ctldev_handle(void);
-#define NLM_BUF_DEFAULT_MAX \
- (NLMSG_SPACE(ISCSI_DEF_MAX_RECV_SEG_LEN + \
- sizeof(struct iscsi_hdr)))
+#define NLM_BUF_DEFAULT_MAX (NLMSG_SPACE(ISCSI_DEF_MAX_RECV_SEG_LEN + \
+ sizeof(struct iscsi_uevent) + \
+ sizeof(struct iscsi_hdr)))
+
+#define PDU_SENDBUF_DEFAULT_MAX (ISCSI_DEF_MAX_RECV_SEG_LEN + \
+ sizeof(struct iscsi_uevent) + \
+ sizeof(struct iscsi_hdr))
-#define PDU_SENDBUF_DEFAULT_MAX \
- (ISCSI_DEF_MAX_RECV_SEG_LEN + sizeof(struct iscsi_hdr))
-
-#define NLM_SETPARAM_DEFAULT_MAX \
- (NI_MAXHOST + 1 + sizeof(struct iscsi_uevent))
+#define NLM_SETPARAM_DEFAULT_MAX (NI_MAXHOST + 1 + sizeof(struct iscsi_uevent))
 static int kread(char *data, int count)
@@ -108,6 +108,12 @@ nlpayload_read(int ctrl_fd, char *data,
 iov.iov_base = nlm_recvbuf;
 iov.iov_len = NLMSG_SPACE(count);
+
+ if (iov.iov_len > NLM_BUF_DEFAULT_MAX) {
+ log_error("Cannot read %lu bytes. nlm_recvbuf too small.",
+ iov.iov_len);
+ return -1;
+ }
 memset(iov.iov_base, 0, iov.iov_len);
 memset(&msg, 0, sizeof(msg));
@@ -517,6 +523,7 @@ ksend_pdu_begin(uint64_t transport_handl
 int hdr_size, int data_size)
 {
 struct iscsi_uevent *ev;
+ int total_xmitlen = sizeof(*ev) + hdr_size + data_size;
 log_debug(7, "in %s", __FUNCTION__);
@@ -525,8 +532,13 @@ ksend_pdu_begin(uint64_t transport_handl
 exit(-EIO);
 }
+ if (total_xmitlen > PDU_SENDBUF_DEFAULT_MAX) {
+ log_error("BUG: Cannot send %d bytes.", total_xmitlen);
+ exit(-EINVAL);
+ }
+ xmitbuf = pdu_sendbuf;
- memset(xmitbuf, 0, sizeof(*ev) + hdr_size + data_size);
+ memset(xmitbuf, 0, total_xmitlen);
 xmitlen = sizeof(*ev);
 ev = xmitbuf;
 memset(ev, 0, sizeof(*ev));
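Review bot: `NLM_BUF_DEFAULT_MAX` and `PDU_SENDBUF_DEFAULT_MAX` now spell out the same three-term sum twice, and the bounds checks added further down in this file are only meaningful while the two stay in step. Deriving one from the other, `#define NLM_BUF_DEFAULT_MAX (NLMSG_SPACE(PDU_SENDBUF_DEFAULT_MAX))`, removes the chance of them drifting apart in a later edit. The allocations of nlm_recvbuf and pdu_sendbuf are not in this hunk, so it is worth confirming they are sized with these same macros.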
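Review bot: `iov.iov_len` is a `size_t`, so the `%lu` in the new log_error() call in nlpayload_read is a format mismatch on any target where `size_t` is not `unsigned long`. Use `"Cannot read %zu bytes. nlm_recvbuf too small."`, or cast the argument with `(unsigned long)iov.iov_len` if log_error's formatter predates `%zu`. The guard is correctly placed before the memset of the receive buffer. nlpayload_read starts and ends outside the hunk, so whether callers distinguish this -1 from a failed read cannot be seen here.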
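Review bot: `total_xmitlen` in ksend_pdu_begin is an `int` built from `sizeof(*ev) + hdr_size + data_size`, and the guard added in the next hunk bounds only that sum. A negative `hdr_size` or `data_size` can therefore cancel against the other and pass `total_xmitlen > PDU_SENDBUF_DEFAULT_MAX` while one length on its own is out of range. Validate the parts before adding them, e.g. `if (hdr_size < 0 || data_size < 0 || (size_t)hdr_size + (size_t)data_size > PDU_SENDBUF_DEFAULT_MAX - sizeof(*ev))`, and make `total_xmitlen` a `size_t`. A negative total is rejected today only because the macro has type `size_t` and the `int` is converted for the comparison, which deserves a comment if the `int` stays. The function continues outside both hunks, so how the two lengths are used afterwards is not visible here.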