linux-stable/net
Eric Dumazet 681f130f39 netfilter: xt_socket: add XT_SOCKET_NOWILDCARD flag
The xt_socket module can be a nice replacement for the conntrack module
in some cases (SYN filtering, for example).

But it lacks the ability to match the 3rd packet of TCP
handshake (ACK coming from the client).

Add a XT_SOCKET_NOWILDCARD flag to disable the wildcard mechanism.

The wildcard is the legacy socket match behavior that ignores
LISTEN sockets bound to INADDR_ANY (or the IPv6 equivalent).

    iptables -I INPUT -p tcp --syn -j SYN_CHAIN
    iptables -I INPUT -m socket --nowildcard -j ACCEPT

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-06-20 20:28:49 +02:00
9p zero copy error fix 2013-06-10 17:35:25 -07:00
802 net/802/mrp: fix lockdep splat 2013-05-14 13:02:30 -07:00
8021q net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
appletalk net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
atm net: always pass struct netdev_notifier_info to netdevice notifiers 2013-05-28 21:58:54 -07:00
ax25 net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
bluetooth Bluetooth: Fix conditions for HCI_Delete_Stored_Link_Key 2013-06-13 13:05:40 -04:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
caif net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
can net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
ceph libceph: must hold mutex for reset_changed_osds() 2013-05-17 12:45:40 -05:00
core neigh: disallow un-init_net to change thresh of neigh 2013-06-19 21:13:24 -07:00
dcb rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
dccp tcp: Remove TCPCT 2013-03-17 14:35:13 -04:00
decnet net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
dns_resolver
dsa dsa: fix freeing of sparse port allocation 2013-03-25 12:23:41 -04:00
ethernet net: add ETH_P_802_3_MIN 2013-03-28 01:20:42 -04:00
ieee802154 net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
ipv4 inet: frag , remove an empty ifdef. 2013-06-19 23:06:52 -07:00
ipv6 sit: fix an oops when IFLA_IPTUN_PROTO is not set 2013-06-19 21:18:17 -07:00
ipx net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
irda net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
iucv net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
key xfrm: force a garbage collection after deleting a policy 2013-05-31 17:30:07 -07:00
l2tp l2tp: Fix sendmsg() return value 2013-06-13 02:39:04 -07:00
lapb
llc llc: Fix missing msg_namelen update in llc_ui_recvmsg() 2013-04-07 16:28:01 -04:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
mpls MPLS: Add limited GSO support 2013-05-27 22:50:59 -07:00
netfilter netfilter: xt_socket: add XT_SOCKET_NOWILDCARD flag 2013-06-20 20:28:49 +02:00
netlabel net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
netrom net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
nfc NFC: Remove commented out LLCP related Makefile line 2013-05-21 10:47:41 +02:00
openvswitch openvswitch: Add gre tunnel support. 2013-06-19 18:07:42 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
phonet net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rds net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rfkill Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-04-22 14:58:14 -04:00
rose net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
rxrpc Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
sched htb: refactor struct htb_sched fields for performance 2013-06-19 23:06:52 -07:00
sctp sctp: Convert __list_for_each use to list_for_each 2013-06-19 23:02:49 -07:00
sunrpc net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
tipc tipc: remove dev_base_lock use from enable_bearer 2013-06-17 15:53:01 -07:00
unix net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
x25 net: pass info struct via netdevice notifier 2013-05-28 13:11:01 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-05 16:37:30 -07:00
compat.c net: Unbreak compat_sys_{send,recv}msg 2013-06-06 11:52:14 -07:00
Kconfig net: remove NET_LL_RX_POLL config menue 2013-06-17 15:48:14 -07:00
Makefile MPLS: Add limited GSO support 2013-05-27 22:50:59 -07:00
nonet.c
socket.c net: add socket option for low latency polling 2013-06-17 15:48:14 -07:00
sysctl_net.c