linux-stable/net
Florian Westphal fdacd57c79 netfilter: x_tables: never register tables by default
For historical reasons x_tables still register tables by default in the
initial namespace.
Only newly created net namespaces add the hook on demand.

This means that the init_net always pays hook cost, even if no filtering
rules are added (e.g. only used inside a single netns).

Note that the hooks are added even when 'iptables -L' is called.
This is because there is no way to tell 'iptables -A' and 'iptables -L'
apart at kernel level.

The only solution would be to register the table, but delay hook
registration until the first rule gets added (or policy gets changed).

That however means that counters are not hooked either, so 'iptables -L'
would always show 0-counters even when traffic is flowing which might be
unexpected.

This keeps table and hook registration consistent with what is already done
in non-init netns: first iptables(-save) invocation registers both table
and hooks.

This applies the same solution adopted for ebtables.
All tables register a template that contains the l3 family, the name
and a constructor function that is called when the initial table has to
be added.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-08-09 10:22:01 +02:00
6lowpan
9p
802
8021q dev_ioctl: split out ndo_eth_ioctl 2021-07-27 20:11:45 +01:00
appletalk net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
atm
ax25
batman-adv
bluetooth
bpf Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-07-23 16:13:06 +01:00
bpfilter
bridge netfilter: ebtables: do not hook tables by default 2021-08-02 11:40:45 +02:00
caif net: fix uninit-value in caif_seqpkt_sendmsg 2021-07-15 11:08:33 -07:00
can can: j1939: j1939_xtp_rx_dat_one(): use separate pointer for session skb control buffer 2021-07-25 11:36:25 +02:00
ceph
core devlink: Allocate devlink directly in requested net namespace 2021-07-30 13:16:38 -07:00
dcb
dccp memcg: enable accounting for inet_bin_bucket cache 2021-07-20 06:00:38 -07:00
decnet net: convert fib_treeref from int to refcount_t 2021-07-30 15:33:24 +02:00
dns_resolver
dsa net: dsa: don't set skb->offload_fwd_mark when not offloading the bridge 2021-07-29 22:17:37 +01:00
ethernet Revert "net: dsa: Allow drivers to filter packets they can decode source port from" 2021-07-26 22:35:22 +01:00
ethtool dev_ioctl: pass SIOCDEVPRIVATE data separately 2021-07-27 20:11:44 +01:00
hsr
ieee802154 net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
ife
ipv4 netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
ipv6 netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mctp mctp: Allow per-netns default networks 2021-07-29 15:06:50 +01:00
mpls mpls: defer ttl decrement in mpls_forward() 2021-07-23 17:17:56 +01:00
mptcp net: Use nlmsg_unicast() instead of netlink_unicast() 2021-07-13 09:28:29 -07:00
ncsi net/ncsi: add dummy response handler for Intel boards 2021-07-08 14:16:39 -07:00
netfilter netfilter: x_tables: never register tables by default 2021-08-09 10:22:01 +02:00
netlabel net: cipso: fix warnings in netlbl_cipsov4_add_std 2021-07-27 20:58:30 +01:00
netlink net: netlink: Remove unused function 2021-07-30 18:35:47 +02:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-18 09:48:59 -07:00
nfc nfc: hci: cleanup unneeded spaces 2021-07-30 17:22:53 +02:00
nsh
openvswitch openvswitch: fix sparse warning incorrect type 2021-07-27 11:48:43 +01:00
packet
phonet phonet: use siocdevprivate 2021-07-27 20:11:43 +01:00
psample
qrtr net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
rds
rfkill
rose
rxrpc
sched net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sctp sctp: do not update transport pathmtu if SPP_PMTUD_ENABLE is not set 2021-07-21 14:17:58 -07:00
smc
strparser
sunrpc NFS client updates for Linux 5.14 2021-07-09 09:43:57 -07:00
switchdev net: switchdev: fix FDB entries towards foreign ports not getting propagated to us 2021-07-22 00:45:40 -07:00
tipc tipc: fix an use-after-free issue in tipc_recvmsg 2021-07-25 10:43:30 +01:00
tls
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-07-15 22:40:10 -07:00
vmw_vsock
wireless
x25
xdp
xfrm
compat.c
devres.c
Kconfig mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
Makefile mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
socket.c mctp: Add MCTP base 2021-07-29 15:06:49 +01:00
sysctl_net.c