redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/netfilter
History
Florian Westphal e75b3e1c9b netfilter: nf_flow_table: ignore DF bit setting 
Its irrelevant if the DF bit is set or not, we must pass packet to
stack in either case.

If the DF bit is set, we must pass it to stack so the appropriate
ICMP error can be generated.

If the DF is not set, we must pass it to stack for fragmentation.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2019-05-22 10:51:49 +02:00
..
ipset netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
ipvs ipvs: Fix use-after-free in ip_vs_in 2019-05-21 18:31:09 +02:00
Kconfig netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
Makefile netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
core.c bridge: netfilter: unroll NF_HOOK helper in bridge input path 2019-04-12 01:47:39 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2018-12-29 02:45:22 +01:00
nf_conntrack_acct.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_amanda.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nf_conntrack_ecache.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_conntrack_expect.c netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 2019-04-08 23:02:52 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: restore boundary check correctness 2019-05-06 00:36:17 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: Remove deprecated config check 2019-05-06 15:15:09 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_irc.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-05-13 08:55:15 -07:00
nf_conntrack_pptp.c netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups 2019-01-18 15:02:34 +01:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-04-22 10:38:50 +02:00
nf_conntrack_proto_dccp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_generic.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_proto_gre.c netfilter: conntrack: remove l4proto destroy hook 2019-01-18 15:02:34 +01:00
nf_conntrack_proto_icmp.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: don't set related state for different outer address 2019-04-13 14:52:57 +02:00
nf_conntrack_proto_sctp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_tcp.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_conntrack_proto_udp.c netfilter: conntrack: remove l4proto init and get_net callbacks 2019-01-18 15:02:34 +01:00
nf_conntrack_sane.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2018-12-07 10:54:23 +01:00
nf_conntrack_sip.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: limit sysctl setting for boolean options 2019-04-30 14:18:56 +02:00
nf_conntrack_tftp.c netfilter: add API to manage NAT helpers. 2019-04-30 14:19:55 +02:00
nf_conntrack_timeout.c netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
nf_conntrack_timestamp.c netfilter: conntrack: remove empty pernet fini stubs 2018-12-21 00:51:54 +01:00
nf_dup_netdev.c netfilter: dup: resolve warnings about missing prototypes 2017-05-29 11:32:36 +02:00
nf_flow_table_core.c netfilter: nf_flow_table: do not flow offload deleted conntrack entries 2019-05-06 15:15:09 +02:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: nf_flow_table: ignore DF bit setting 2019-05-22 10:51:49 +02:00
nf_internals.h bridge: netfilter: unroll NF_HOOK helper in bridge input path 2019-04-12 01:47:39 +02:00
nf_log.c netfilter: nf_log: don't hold nf_log_mutex during user access 2018-06-26 16:48:40 +02:00
nf_log_common.c netfilter: avoid using skb->nf_bridge directly 2018-12-19 11:21:37 -08:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_nat_amanda.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_core.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nf_nat_ftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_helper.c netfilter: nat: fix udp checksum corruption 2019-05-21 20:20:40 +02:00
nf_nat_irc.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_masquerade.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nf_nat_proto.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nf_nat_redirect.c netfilter: nat: remove unnecessary rcu_read_lock in nf_nat_redirect_ipv{4/6} 2018-09-17 16:11:14 +02:00
nf_nat_sip.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_nat_tftp.c netfilter: nf_nat: register NAT helpers. 2019-04-30 14:19:55 +02:00
nf_queue.c netfilter: nf_queue: fix reinject verdict handling 2019-05-21 16:10:30 +02:00
nf_sockopt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_synproxy_core.c proc: introduce proc_create_net{,_data} 2018-05-16 07:24:30 +02:00
nf_tables_api.c netfilter: nf_tables: fix oops during rule dump 2019-05-20 19:45:23 +02:00
nf_tables_core.c netfilter: nf_tables: check the result of dereferencing base_chain->stats 2019-03-01 14:34:24 +01:00
nf_tables_set_core.c netfilter: nf_tables: fix implicit include of module.h 2019-04-30 13:35:26 +02:00
nf_tables_trace.c netfilter: nf_tables: Allow chain name of up to 255 chars 2017-07-31 20:41:57 +02:00
nfnetlink.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_acct.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_cthelper.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_cttimeout.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nfnetlink_log.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
nfnetlink_osf.c netfilter: nft_osf: Add version option support 2019-04-08 23:27:12 +02:00
nfnetlink_queue.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_bitwise.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_byteorder.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_chain_filter.c netfilter: nf_tables: don't prevent event handler from device cleanup on netns exit 2018-08-16 19:37:03 +02:00
nft_chain_nat.c netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nft_chain_route.c netfilter: nf_tables: merge route type into core 2019-04-08 23:01:42 +02:00
nft_cmp.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_compat.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_connlimit.c netfilter: nf_conncount: merge lookup and add functions 2018-12-29 02:45:20 +01:00
nft_counter.c netfilter: nft_counter: remove wrong __percpu of nft_counter_resest()'s arg 2019-01-28 11:32:43 +01:00
nft_ct.c netfilter: nft_ct: Add ct id support 2019-04-30 14:19:57 +02:00
nft_dup_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_dynset.c netfilter: nf_tables: relocate header content to consumer 2019-04-30 13:35:17 +02:00
nft_exthdr.c netfilter: nf_tables: merge exthdr expression into nft core 2018-04-27 00:00:56 +02:00
nft_fib.c netfilter: nft_fib: Fix existence check support 2019-05-21 16:10:38 +02:00
nft_fib_inet.c netfilter: nf_tables: use hook state from xt_action_param structure 2016-11-03 11:52:34 +01:00
nft_fib_netdev.c netfilter: nf_tables: add fib expression to the netdev family 2017-07-31 19:01:40 +02:00
nft_flow_offload.c netfilter: nf_flow_table: fix netdev refcnt leak 2019-04-30 13:55:00 +02:00
nft_fwd_netdev.c netfilter: remove two unused variables. 2018-10-19 14:00:33 +02:00
nft_hash.c Revert "netfilter: nft_hash: add map lookups for hashing operations" 2019-01-18 15:59:47 +01:00
nft_immediate.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
nft_limit.c netfilter: nft_limit: fix packet ratelimiting 2018-05-23 09:50:28 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nf_tables: bogus EBUSY when deleting set after flush 2019-03-11 13:19:24 +01:00
nft_masq.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
nft_meta.c netfilter: nft_meta: Add NFT_META_I/OIFKIND meta type 2019-01-18 15:58:20 +01:00
nft_nat.c netfilter: nat: add inet family nat support 2019-04-08 23:01:39 +02:00
nft_numgen.c Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-10-29 11:11:33 +01:00
nft_objref.c netfilter: nf_tables: bogus EBUSY in helper removal from transaction 2019-03-18 16:22:49 +01:00
nft_osf.c netfilter: nft_osf: Add version option support 2019-04-08 23:27:12 +02:00
nft_payload.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_queue.c netfilter: Remove exceptional & on function name 2017-04-07 18:24:47 +02:00
nft_quota.c netfilter: nf_tables: prepare nft_object for lookups via hashtable 2019-01-18 15:02:32 +01:00
nft_range.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_redir.c netfilter: nft_redir: add inet support 2019-04-08 23:03:01 +02:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2018-09-17 16:11:12 +02:00
nft_reject_inet.c netfilter: nf_tables: validate the expr explicitly after init successfully 2017-03-06 18:22:12 +01:00
nft_rt.c netfilter: nf_tables: add direct calls for all builtin expressions 2019-01-18 15:02:33 +01:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_set_hash: remove nft_hash_key() 2019-02-27 11:08:32 +01:00
nft_set_rbtree.c netfilter: nft_set_rbtree: check for inactive element after flag mismatch 2019-03-18 16:21:09 +01:00
nft_socket.c netfilter: nft_socket: Expose socket mark 2018-07-18 11:26:52 +02:00
nft_tproxy.c netfilter: nft_tproxy: Fix missing-braces warning 2018-08-16 19:37:10 +02:00
nft_tunnel.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
nft_xfrm.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
utils.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
x_tables.c netfilter: make two functions static 2019-04-08 23:28:33 +02:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_CT.c netfilter: Export nf_ct_{set,destroy}_timeout() 2019-03-28 16:53:29 -07:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: fix sysfs callback function type 2019-03-01 14:36:57 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_LOG.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_MASQUERADE.c netfilter: nf_nat_masquerade: unify ipv4/6 notifier registration 2019-04-11 20:59:34 +02:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: remove netns exit routine 2018-11-13 09:57:29 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_SECMARK.c netfilter: xtables: avoid BUG_ON 2018-09-17 16:11:12 +02:00
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TCPOPTSTRIP.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2018-10-11 11:29:14 +02:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_addrtype.c netfilter: ipv6: avoid indirect calls for IPV6=y case 2019-02-04 18:21:12 +01:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2018-09-17 16:11:03 +02:00
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: connlabels: fix spelling mistake "trackling" -> "tracking" 2019-04-30 14:19:57 +02:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_dccp.c
xt_devgroup.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: use struct_size() helper 2019-05-06 01:03:04 +02:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c netfilter: xt_multiport: Fix wrong unmatch result with multiple ports 2016-12-06 21:48:20 +01:00
xt_nat.c netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h 2019-02-27 10:54:08 +01:00
xt_nfacct.c netfilter: nfnetlink_acct: remove useless parameter 2018-03-05 23:15:43 +01:00
xt_osf.c netfilter: xt_osf: simplify xt_osf_match_packet() 2018-10-16 10:01:50 +02:00
xt_owner.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
xt_physdev.c netfilter: physdev: relax br_netfilter dependency 2019-01-18 15:02:33 +01:00
xt_pkttype.c netfilter: pkttype: unnecessary to check ipv6 multicast address 2017-01-18 20:32:43 +01:00
xt_policy.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
xt_quota.c Revert "netfilter: xt_quota: fix the behavior of xt_quota module" 2018-10-19 14:00:34 +02:00
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: Use struct_size() in kvzalloc() 2019-02-12 00:39:39 +01:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c sctp: remove the typedef sctp_chunkhdr_t 2017-07-01 09:08:41 -07:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_tcpmss.c
xt_tcpudp.c
xt_time.c netfilter: never get/set skb->tstamp 2019-04-22 10:34:30 +02:00
xt_u32.c