linux-stable/net/bridge
Florian Westphal 5f6c253ebe netfilter: bridge: register hooks only when bridge interface is added
This moves bridge hooks to a register-when-needed scheme.

We use a device notifier to register the 'call-iptables' netfilter hooks
only once a bridge gets added.

This means that if the initial namespace uses a bridge, newly created
network namespaces no longer get the PRE_ROUTING ipt_sabotage hook.

It will be registered in that network namespace once a bridge is created
within that namespace.

A few modules still use global hooks:

- conntrack
- bridge PF_BRIDGE hooks
- IPVS
- CLUSTER match (deprecated)
- SYNPROXY

As long as these modules are not loaded/used, a new network namespace has
an empty hook list and NF_HOOK() will boil down to a single list_empty test
even if the initial namespace does stateless packet filtering.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-03-02 20:05:25 +01:00
netfilter ipv4: Namespaceify ip_default_ttl sysctl knob 2016-02-16 20:42:54 -05:00
br.c switchdev: Require RTNL mutex to be held when sending FDB notifications 2016-01-28 16:21:31 -08:00
br_device.c bridge: fix lockdep addr_list_lock false positive splat 2016-01-15 15:40:45 -05:00
br_fdb.c switchdev: Pass original device to port netdev driver 2015-12-15 11:58:20 -05:00
br_forward.c bridge: set is_local and is_static before fdb entry is added to the fdb hashtable 2015-10-30 12:13:05 +09:00
br_if.c net: bridge: use __ethtool_get_ksettings 2016-02-25 22:06:46 -05:00
br_input.c bridge: vlan: use proper rcu for the vlgrp member 2015-10-13 04:57:52 -07:00
br_ioctl.c bridge: push bridge setting ageing_time down to switchdev 2015-10-12 05:20:20 -07:00
br_mdb.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
br_multicast.c bridge: mdb: Passing the port-group pointer to br_mdb module 2016-02-09 04:42:47 -05:00
br_netfilter_hooks.c netfilter: bridge: register hooks only when bridge interface is added 2016-03-02 20:05:25 +01:00
br_netfilter_ipv6.c bridge: Pass net into br_validate_ipv4 and br_validate_ipv6 2015-09-29 20:21:32 +02:00
br_netlink.c net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private.h net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_stp.c net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_stp_bpdu.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
br_stp_if.c net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_stp_timer.c net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_sysfs_br.c bridge: use kobj_to_dev instead of to_dev 2015-12-23 22:26:48 -05:00
br_sysfs_if.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_vlan.c bridge: switchdev: Offload VLAN flags to hardware bridge 2016-02-18 11:18:11 -05:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile netfilter: bridge: split ipv6 code into separated file 2015-06-18 21:14:21 +02:00