linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-13 06:08:07 +00:00

History

Pablo Neira Ayuso 523b929d54 netfilter: nft_reject_bridge: don't use IP stack to reject traffic If the packet is received via the bridge stack, this cannot reject packets from the IP stack. This adds functions to build the reject packet and send it from the bridge stack. Comments and assumptions on this patch: 1) Validate the IPv4 and IPv6 headers before further processing, given that the packet comes from the bridge stack, we cannot assume they are clean. Truncated packets are dropped, we follow similar approach in the existing iptables match/target extensions that need to inspect layer 4 headers that is not available. This also includes packets that are directed to multicast and broadcast ethernet addresses. 2) br_deliver() is exported to inject the reject packet via bridge localout -> postrouting. So the approach is similar to what we already do in the iptables reject target. The reject packet is sent to the bridge port from which we have received the original packet. 3) The reject packet is forged based on the original packet. The TTL is set based on sysctl_ip_default_ttl for IPv4 and per-net ipv6.devconf_all hoplimit for IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>		2014-10-31 12:50:08 +01:00
..
6lowpan	6lowpan: Allow 6LoWPAN to be modular	2014-08-07 11:44:18 -07:00
9p	9p/trans_virtio: enable VQs early	2014-10-15 10:25:04 +10:30
802	net: set name_assign_type in alloc_netdev()	2014-07-15 16:12:48 -07:00
8021q	net: better IFF_XMIT_DST_RELEASE support	2014-10-07 13:22:11 -04:00
appletalk	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2014-07-16 14:09:34 -07:00
atm	net: better IFF_XMIT_DST_RELEASE support	2014-10-07 13:22:11 -04:00
ax25
batman-adv	batman-adv: replace strnicmp with strncasecmp	2014-10-14 02:18:24 +02:00
bluetooth	Bluetooth: 6lowpan: Check transmit errors for multicast packets	2014-10-02 13:41:57 +03:00
bridge	netfilter: nft_reject_bridge: don't use IP stack to reject traffic	2014-10-31 12:50:08 +01:00
caif	caif_usb: use target structure member in memset	2014-10-14 16:05:45 -04:00
can
ceph	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client	2014-10-15 06:46:01 +02:00
core	net: core: handle encapsulation offloads when computing segment lengths	2014-10-20 12:38:13 -04:00
dcb	dcbnl : Fix misleading dcb_app->priority explanation	2014-07-30 17:21:05 -07:00
dccp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2014-10-18 09:31:37 -07:00
decnet	af_decnet: Use time_after_eq	2014-08-22 12:23:11 -07:00
dns_resolver	Merge commit 'v3.16' into next	2014-10-01 00:44:04 +10:00
dsa	Net: DSA: Fix checking for get_phy_flags function	2014-10-19 12:46:31 -04:00
ethernet	net: Add function for parsing the header length out of linear ethernet frames	2014-09-05 17:47:02 -07:00
hsr	net/hsr: Remove left-over never-true conditional code.	2014-07-11 15:04:40 -07:00
ieee802154	Merge tag 'master-2014-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next	2014-10-05 21:34:39 -04:00
ipv4	netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions	2014-10-31 12:49:05 +01:00
ipv6	netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions	2014-10-31 12:49:57 +01:00
ipx
irda	irda: add __init to irlan_open	2014-09-30 17:08:06 -04:00
iucv	iucv: Convert pr_warning to pr_warn	2014-09-10 12:40:10 -07:00
key	af_key: remove unnecessary break after return	2014-07-15 16:27:00 -07:00
l2tp	l2tp: Refactor l2tp core driver to make use of the common UDP tunnel functions	2014-09-19 15:57:15 -04:00
lapb
llc	net_dma: simple removal	2014-09-28 07:05:16 -07:00
mac80211	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless	2014-10-07 14:48:29 -04:00
mac802154	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2014-10-08 21:40:54 -04:00
mpls	net: gso: use feature flag argument in all protocol gso handlers	2014-10-20 12:38:12 -04:00
netfilter	ipvs: Avoid null-pointer deref in debug code	2014-10-28 09:48:31 +09:00
netlabel	netlabel: kernel-doc warning fix	2014-10-09 01:40:05 -04:00
netlink	netlink: Re-add locking to netlink_lookup() and seq walker	2014-10-21 21:34:49 -04:00
netrom	netrom: use linux/uaccess.h	2014-10-17 23:52:54 -04:00
nfc	NFC: nci: Add support for proprietary RF Protocols	2014-09-24 02:02:24 +02:00
openvswitch	net: make skb_gso_segment error handling more robust	2014-10-20 12:38:13 -04:00
packet	net: Pass a "more" indication down into netdev_start_xmit() code paths.	2014-09-01 17:39:55 -07:00
phonet	net: fix rcu access on phonet_routes	2014-10-06 18:16:30 -04:00
rds	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2014-10-18 09:31:37 -07:00
rfkill	net: rfkill: kernel-doc warning fixes	2014-10-08 15:24:15 -04:00
rose	rose: use %*ph specifier	2014-09-07 16:07:25 -07:00
rxrpc	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2014-10-12 10:13:55 -04:00
sched	net: sched: initialize bstats syncp	2014-10-21 21:45:21 -04:00
sctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2014-10-18 09:31:37 -07:00
sunrpc	Merge branch 'for-3.18' of git://linux-nfs.org/~bfields/linux	2014-10-08 12:51:44 -04:00
tipc	tipc: fix lockdep warning when intra-node messages are delivered	2014-10-21 15:28:15 -04:00
unix	af_unix: remove 0 assignment on static	2014-10-07 17:03:14 -04:00
vmw_vsock
wimax	wimax: convert printk to pr_foo()	2014-10-07 20:28:44 -04:00
wireless	lib80211: remove unused print_ssid()	2014-10-14 02:18:27 +02:00
x25
xfrm	net: make skb_gso_segment error handling more robust	2014-10-20 12:38:13 -04:00
compat.c	net: sendmsg: fix NULL pointer dereference	2014-07-29 12:20:22 -07:00
Kconfig	net: bpf: fix bpf syscall dependence on anon_inodes	2014-10-10 15:02:23 -04:00
Makefile	6lowpan: introduce new net/6lowpan directory	2014-07-12 01:53:30 +02:00
nonet.c
socket.c	File locking related changes for v3.18 (pile #1 )	2014-10-11 13:21:34 -04:00
sysctl_net.c