redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/ipv6/netfilter
History
Phil Oester affe759dba netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 
As reported by Casper Gripenberg, in a bridged setup, using ip[6]t_REJECT
with the tcp-reset option sends out reset packets with the src MAC address
of the local bridge interface, instead of the MAC address of the intended
destination.  This causes some routers/firewalls to drop the reset packet
as it appears to be spoofed.  Fix this by bypassing ip[6]_local_out and
setting the MAC of the sender in the tcp reset packet.

This closes netfilter bugzilla #531.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-08-28 00:13:12 +02:00
..
ip6_tables.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ip6t_mh.c
ip6t_NPT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
ip6t_REJECT.c netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 2013-08-28 00:13:12 +02:00
ip6t_rpfilter.c netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too 2013-04-19 00:11:59 +02:00
ip6t_rt.c
ip6table_filter.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_mangle.c netfilter: ipv6: propagate routing errors from ip6_route_me_harder() 2013-04-08 12:34:01 +02:00
ip6table_nat.c netfilter: nat: propagate errors from xfrm_me_harder() 2013-04-08 12:34:01 +02:00
ip6table_raw.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_security.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
Kconfig netfilter: xt_rpfilter: depend on raw or mangle table 2013-04-19 00:22:55 +02:00
Makefile netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: nf_conntrack_ipv6: Plug sk_buff leak in fragment handling 2013-06-20 12:01:24 +02:00
nf_conntrack_proto_icmpv6.c netfilter: nf_log: prepare net namespace support for loggers 2013-04-05 20:12:54 +02:00
nf_conntrack_reasm.c netfilter: implement RFC3168 5.3 (ecn protection) for ipv6 fragmentation handling 2013-04-06 13:06:37 +02:00
nf_defrag_ipv6_hooks.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
nf_nat_l3proto_ipv6.c netfilter: ipv6: using csum_ipv6_magic requires net/ip6_checksum.h 2012-09-05 17:46:06 -04:00
nf_nat_proto_icmpv6.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00