linux-stable/net
Florian Westphal 5f6c253ebe netfilter: bridge: register hooks only when bridge interface is added
This moves bridge hooks to a register-when-needed scheme.

We use a device notifier to register the 'call-iptables' netfilter hooks
only once a bridge gets added.

This means that if the initial namespace uses a bridge, newly created
network namespaces no longer get the PRE_ROUTING ipt_sabotage hook.

It will be registered in that network namespace once a bridge is created
within that namespace.

A few modules still use global hooks:

- conntrack
- bridge PF_BRIDGE hooks
- IPVS
- CLUSTER match (deprecated)
- SYNPROXY

As long as these modules are not loaded/used, a new network namespace has
an empty hook list and NF_HOOK() will boil down to a single list_empty test even
if the initial namespace does stateless packet filtering.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-03-02 20:05:25 +01:00
..
6lowpan 6lowpan: fix debugfs interface entry name 2015-12-20 08:21:00 +01:00
9p Rework and error handling fixes, primarily in the fscatch and fd transports. 2016-01-24 12:39:09 -08:00
802
8021q net: 8021q: use __ethtool_get_ksettings 2016-02-25 22:06:46 -05:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm net: Generalise wq_has_sleeper helper 2015-11-30 14:47:33 -05:00
ax25 net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
batman-adv batman-adv: Rename batadv_tt_orig_list_entry *_free_ref function to *_put 2016-02-23 13:51:01 +08:00
bluetooth Bluetooth: hci_core: Avoid mixing up req_complete and req_complete_skb 2016-02-20 08:52:28 +01:00
bridge netfilter: bridge: register hooks only when bridge interface is added 2016-03-02 20:05:25 +01:00
caif net: caif: fix erroneous return value 2016-02-18 14:59:35 -05:00
can
ceph libceph: MOSDOpReply v7 encoding 2016-02-04 18:26:08 +01:00
core net: ethtool: remove unused __ethtool_get_settings 2016-02-25 22:06:47 -05:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
decnet net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
dns_resolver
dsa net: dsa: drop vlan_getnext 2016-02-25 15:20:21 -05:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
ipv4 netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ipv6 netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ipx
irda irda: fix a potential use-after-free in ircomm_param_request 2016-01-29 22:56:46 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
key
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
l3mdev net: l3mdev: address selection should only consider devices in L3 domain 2016-02-26 14:22:26 -05:00
lapb
llc af_llc: fix types on llc_ui_wait_for_conn 2016-02-17 16:12:13 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-01 15:56:08 -08:00
mac802154 mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
mpls mpls: autoload lwt module 2016-02-21 22:00:28 -05:00
netfilter netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
netlabel
netlink nfnetlink: Revert "nfnetlink: add support for memory mapped netlink" 2016-02-18 11:42:22 -05:00
netrom
nfc NFC 4.5 pull request 2016-01-04 21:48:15 -05:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
packet net: core: use __ethtool_get_ksettings 2016-02-25 22:06:47 -05:00
phonet sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
rds rds: duplicate include net/tcp.h 2016-02-11 09:45:24 -05:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-01-26 11:32:05 +01:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-01-12 18:57:02 -08:00
sched net_sched: add network namespace support for tc actions 2016-02-25 14:16:21 -05:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
sunrpc Initial roundup of 4.5 merge window patches 2016-01-23 18:45:06 -08:00
switchdev switchdev: Require RTNL mutex to be held when sending FDB notifications 2016-01-28 16:21:31 -08:00
tipc tipc: fix null deref crash in compat config path 2016-02-25 17:04:48 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
vmw_vsock vsock: Fix blocking ops call in prepare_to_wait 2016-02-13 05:57:39 -05:00
wimax
wireless regulatory: fix world regulatory domain data 2016-01-14 11:10:13 +01:00
x25
xfrm net: preserve IP control block during GSO segmentation 2016-01-15 14:35:24 -05:00
compat.c
Kconfig net: add dst_cache support 2016-02-16 20:21:48 -05:00
Makefile
socket.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
sysctl_net.c