mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 21:57:43 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Florian Westphal e75b3e1c9b netfilter: nf_flow_table: ignore DF bit setting 
Its irrelevant if the DF bit is set or not, we must pass packet to
stack in either case.

If the DF bit is set, we must pass it to stack so the appropriate
ICMP error can be generated.

If the DF is not set, we must pass it to stack for fragmentation.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2019-05-22 10:51:49 +02:00
..
ipset netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
ipvs ipvs: Fix use-after-free in ip_vs_in 2019-05-21 18:31:09 +02:00
core.c bridge: netfilter: unroll NF_HOOK helper in bridge input path 2019-04-12 01:47:39 +02:00
Kconfig netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
Makefile netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2018-12-29 02:45:22 +01:00
nf_conntrack_acct.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_amanda.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nf_conntrack_ecache.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_expect.c netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 2019-04-08 23:02:52 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: restore boundary check correctness 2019-05-06 00:36:17 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: Remove deprecated config check 2019-05-06 15:15:09 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_irc.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-13 08:55:15 -07:00
nf_conntrack_pptp.c netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups 2019-01-18 15:02:34 +01:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-04-22 10:38:50 +02:00
nf_conntrack_proto_dccp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_generic.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_proto_gre.c netfilter: conntrack: remove l4proto destroy hook 2019-01-18 15:02:34 +01:00
nf_conntrack_proto_icmp.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_sctp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_tcp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_udp.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_sane.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2018-12-07 10:54:23 +01:00
nf_conntrack_sip.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: limit sysctl setting for boolean options 2019-04-30 14:18:56 +02:00
nf_conntrack_tftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_timeout.c netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
nf_conntrack_timestamp.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_dup_netdev.c
nf_flow_table_core.c netfilter: nf_flow_table: do not flow offload deleted conntrack entries 2019-05-06 15:15:09 +02:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: nf_flow_table: ignore DF bit setting 2019-05-22 10:51:49 +02:00
nf_internals.h bridge: netfilter: unroll NF_HOOK helper in bridge input path 2019-04-12 01:47:39 +02:00
nf_log.c netfilter: nf_log: don't hold nf_log_mutex during user access 2018-06-26 16:48:40 +02:00
nf_log_common.c netfilter: avoid using skb->nf_bridge directly 2018-12-19 11:21:37 -08:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_core.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_nat_ftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_helper.c netfilter: nat: fix udp checksum corruption 2019-05-21 20:20:40 +02:00
nf_nat_irc.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_masquerade.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nf_nat_proto.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nf_nat_redirect.c netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6} 2018-09-17 16:11:14 +02:00
nf_nat_sip.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_tftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_queue.c netfilter: nf_queue: fix reinject verdict handling 2019-05-21 16:10:30 +02:00
nf_sockopt.c
nf_synproxy_core.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
nf_tables_api.c netfilter: nf_tables: fix oops during rule dump 2019-05-20 19:45:23 +02:00
nf_tables_core.c netfilter: nf_tables: check the result of dereferencing base_chain->stats 2019-03-01 14:34:24 +01:00
nf_tables_set_core.c netfilter: nf_tables: fix implicit include of module.h 2019-04-30 13:35:26 +02:00
nf_tables_trace.c
nfnetlink.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_acct.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_cthelper.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_cttimeout.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_log.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nfnetlink_osf.c netfilter: nft_osf: Add version option support 2019-04-08 23:27:12 +02:00
nfnetlink_queue.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_bitwise.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_byteorder.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_chain_filter.c netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit 2018-08-16 19:37:03 +02:00
nft_chain_nat.c netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nft_chain_route.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nft_cmp.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_compat.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_connlimit.c netfilter: nf_conncount: merge lookup and add functions 2018-12-29 02:45:20 +01:00
nft_counter.c netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg 2019-01-28 11:32:43 +01:00
nft_ct.c netfilter: nft_ct: Add ct id support 2019-04-30 14:19:57 +02:00
nft_dup_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_dynset.c netfilter: nf_tables: relocate header content to consumer 2019-04-30 13:35:17 +02:00
nft_exthdr.c netfilter: nf_tables: merge exthdr expression into nft core 2018-04-27 00:00:56 +02:00
nft_fib.c netfilter: nft_fib: Fix existence check support 2019-05-21 16:10:38 +02:00
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nf_flow_table: fix netdev refcnt leak 2019-04-30 13:55:00 +02:00
nft_fwd_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_hash.c Revert "netfilter: nft_hash: add map lookups for hashing operations" 2019-01-18 15:59:47 +01:00
nft_immediate.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
nft_limit.c netfilter: nft_limit: fix packet ratelimiting 2018-05-23 09:50:28 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nf_tables: bogus EBUSY when deleting set after flush 2019-03-11 13:19:24 +01:00
nft_masq.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nft_meta.c netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type 2019-01-18 15:58:20 +01:00
nft_nat.c netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nft_numgen.c Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-10-29 11:11:33 +01:00
nft_objref.c netfilter: nf_tables: bogus EBUSY in helper removal from transaction 2019-03-18 16:22:49 +01:00
nft_osf.c netfilter: nft_osf: Add version option support 2019-04-08 23:27:12 +02:00
nft_payload.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_queue.c
nft_quota.c netfilter: nf_tables: prepare nft_object for lookups via hashtable 2019-01-18 15:02:32 +01:00
nft_range.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_redir.c netfilter: nft_redir: add inet support 2019-04-08 23:03:01 +02:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2018-09-17 16:11:12 +02:00
nft_reject_inet.c
nft_rt.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_set_hash: remove nft_hash_key() 2019-02-27 11:08:32 +01:00
nft_set_rbtree.c netfilter: nft_set_rbtree: check for inactive element after flag mismatch 2019-03-18 16:21:09 +01:00
nft_socket.c netfilter: nft_socket: Expose socket mark 2018-07-18 11:26:52 +02:00
nft_tproxy.c netfilter: nft_tproxy: Fix missing-braces warning 2018-08-16 19:37:10 +02:00
nft_tunnel.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_xfrm.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
utils.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
x_tables.c netfilter: make two functions static 2019-04-08 23:28:33 +02:00
xt_addrtype.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2018-09-17 16:11:03 +02:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: connlabels: fix spelling mistake "trackling" -> "tracking" 2019-04-30 14:19:57 +02:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
xt_dccp.c
xt_devgroup.c
xt_DSCP.c
xt_dscp.c
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: use struct_size() helper 2019-05-06 01:03:04 +02:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: fix sysfs callback function type 2019-03-01 14:36:57 +01:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_MASQUERADE.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
xt_multiport.c
xt_nat.c netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h 2019-02-27 10:54:08 +01:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c netfilter: nfnetlink_acct: remove useless parameter 2018-03-05 23:15:43 +01:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c
xt_osf.c netfilter: xt_osf: simplify xt_osf_match_packet() 2018-10-16 10:01:50 +02:00
xt_owner.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_physdev.c netfilter: physdev: relax br_netfilter dependency 2019-01-18 15:02:33 +01:00
xt_pkttype.c
xt_policy.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
xt_quota.c Revert "netfilter: xt_quota: fix the behavior of xt_quota module" 2018-10-19 14:00:34 +02:00
xt_RATEEST.c netfilter: xt_RATEEST: remove netns exit routine 2018-11-13 09:57:29 +01:00
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: Use struct_size() in kvzalloc() 2019-02-12 00:39:39 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c netfilter: xtables: avoid BUG_ON 2018-09-17 16:11:12 +02:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2018-10-11 11:29:14 +02:00
xt_time.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_u32.c