kernel-fxtec-pro1x/net/ipv4/netfilter
Patrick McHardy ee68cea2c2 [NETFILTER]: Fix xfrm lookup after SNAT
To find out if a packet needs to be handled by IPsec after SNAT, packets
are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This
breaks SNAT of non-unicast packets to non-local addresses because the
packet is routed as an incoming packet and no neighbour entry is bound to the
dst_entry. In general, it seems to be a bad idea to replace the dst_entry
after the packet was already sent to the output routine because its state
might not match what's expected.

This patch changes the xfrm lookup in POST_ROUTING to re-use the original
dst_entry without routing the packet again. This means no policy routing
can be used for transport mode transforms (which keep the original route)
when packets are SNATed to match the policy, but it looks like the best
we can do for now.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15 01:34:23 -08:00
arp_tables.c [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
arpt_mangle.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
arptable_filter.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_conntrack_amanda.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_core.c [NETFILTER]: Fix ip_conntrack_flush abuse in ctnetlink 2005-12-05 13:33:50 -08:00
ip_conntrack_ftp.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_helper_pptp.c [NETFILTER]: ip_ct_proto_gre_fini() cannot be __exit 2006-01-11 16:32:12 -08:00
ip_conntrack_irc.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_netbios_ns.c [NETFILTER]: Fix module_param types and permissions 2006-01-05 12:19:46 -08:00
ip_conntrack_netlink.c [NETFILTER]: ctnetlink: add MODULE_ALIAS for expectation subsystem 2006-02-04 23:51:16 -08:00
ip_conntrack_proto_generic.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
ip_conntrack_proto_gre.c [NETFILTER]: ip_conntrack_proto_gre.c needs linux/interrupt.h 2006-01-17 02:42:02 -08:00
ip_conntrack_proto_icmp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_proto_sctp.c [NETFILTER]: Fix timeout sysctls on big-endian 64bit architectures 2006-01-10 12:54:35 -08:00
ip_conntrack_proto_tcp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_proto_udp.c netfilter: headers included twice 2006-01-11 02:04:35 +01:00
ip_conntrack_standalone.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_conntrack_tftp.c [NETFILTER]: Fix missing src port initialization in tftp expectation mask 2006-02-04 23:51:21 -08:00
ip_nat_amanda.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_nat_core.c [NETFILTER] ipv4: small cleanups 2005-11-29 16:28:18 -08:00
ip_nat_ftp.c kbuild: un-stringnify KBUILD_MODNAME 2006-01-06 21:17:50 +01:00
ip_nat_helper.c [NETFILTER]: Fix invalid module autoloading by splitting iptable_nat 2005-09-26 15:25:11 -07:00
ip_nat_helper_pptp.c [NETFILTER]: Fix return value confusion in PPTP NAT helper 2006-01-10 12:54:33 -08:00
ip_nat_irc.c kbuild: un-stringnify KBUILD_MODNAME 2006-01-06 21:17:50 +01:00
ip_nat_proto_gre.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_icmp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_tcp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_udp.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_proto_unknown.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_rule.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ip_nat_snmp_basic.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
ip_nat_standalone.c [NETFILTER]: Fix xfrm lookup after SNAT 2006-02-15 01:34:23 -08:00
ip_nat_tftp.c [NETFILTER]: ip_nat_tftp: Fix expectation NAT 2005-12-12 15:02:48 -08:00
ip_queue.c [NET]: Fix packet timestamping. 2005-10-03 13:57:23 -07:00
ip_tables.c [NETFILTER]: Fix possible overflow in netfilters do_replace() 2006-02-04 23:51:25 -08:00
ipt_addrtype.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ah.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_CLUSTERIP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_DSCP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_dscp.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ECN.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ecn.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_esp.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_hashlimit.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_iprange.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_LOG.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_MASQUERADE.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_multiport.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_NETMAP.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_owner.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_policy.c [NETFILTER]: Prepare {ipt,ip6t}_policy match for x_tables unification 2006-02-04 23:51:28 -08:00
ipt_recent.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_REDIRECT.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_REJECT.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_SAME.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TCPMSS.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_tos.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TOS.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_TTL.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ttl.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_ULOG.c [NETFILTER]: Fix undersized skb allocation in ipt_ULOG/ebt_ulog/nfnetlink_log 2006-02-04 23:51:19 -08:00
iptable_filter.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
iptable_mangle.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
iptable_raw.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Kconfig [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
Makefile [NETFILTER] Makefile cleanup 2006-01-17 02:38:56 -08:00
nf_conntrack_l3proto_ipv4.c [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
nf_conntrack_proto_icmp.c [NETFILTER]: Add ctnetlink port for nf_conntrack 2006-01-05 12:19:05 -08:00