linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-26 20:38:12 +00:00

History

Florian Westphal 11961df002 netfilter: conntrack: set icmpv6 redirects as RELATED [ Upstream commit `7d7cfb48d8` ] icmp conntrack will set icmp redirects as RELATED, but icmpv6 will not do this. For icmpv6, only icmp errors (code <= 128) are examined for RELATED state. ICMPV6 Redirects are part of neighbour discovery mechanism, those are handled by marking a selected subset (e.g. neighbour solicitations) as UNTRACKED, but not REDIRECT -- they will thus be flagged as INVALID. Add minimal support for REDIRECTs. No parsing of neighbour options is added for simplicity, so this will only check that we have the embeeded original header (ND_OPT_REDIRECT_HDR), and then attempt to do a flow lookup for this tuple. Also extend the existing test case to cover redirects. Fixes: `9fb9cbb108` ("[NETFILTER]: Add nf_conntrack subsystem.") Reported-by: Eric Garver <eric@garver.life> Link: https://github.com/firewalld/firewalld/issues/1046 Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Eric Garver <eric@garver.life> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-12-31 13:26:06 +01:00
..
crypto/chacha20-s390	tools/testing/crypto: Use vzalloc instead of vmalloc+memset	2022-07-05 14:46:36 +02:00
cxl	tools/testing/cxl: Fix some error exits	2022-11-26 09:27:21 +01:00
fault-injection
ktest
kunit	kunit: tool: Enable virtio/PCI by default on UML	2022-07-08 11:22:29 -06:00
memblock	memblock updates for v5.20	2022-08-09 09:48:30 -07:00
nvdimm	ndtest: Cleanup all of blk namespace specific code	2022-07-12 17:57:55 -07:00
radix-tree	tools: Add kmem_cache_alloc_lru()	2022-04-22 14:24:28 -04:00
scatterlist
selftests	netfilter: conntrack: set icmpv6 redirects as RELATED	2022-12-31 13:26:06 +01:00
vsock