linux/net/ipv6
Pablo Neira Ayuso 7210e4e38f netfilter: nf_tables: restrict nat/masq expressions to nat chain type
This adds the missing validation code to avoid the use of nat/masq from
non-nat chains. The validation assumes two possible configuration
scenarios:

1) Use of nat from base chain that is not of nat type. Reject this
   configuration from the nft_*_init() path of the expression.

2) Use of nat from non-base chain. In this case, we have to wait until
   the non-base chain is referenced by at least one base chain via
   jump/goto. This is resolved from the nft_*_validate() path which is
   called from nf_tables_check_loops().

The user gets an -EOPNOTSUPP in both cases.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-10-13 20:42:00 +02:00
..
netfilter netfilter: nf_tables: restrict nat/masq expressions to nat chain type 2014-10-13 20:42:00 +02:00
addrconf_core.c ipv6: remove rt6i_genid 2014-09-30 14:00:48 -04:00
addrconf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-10-02 11:25:43 -07:00
addrlabel.c list: fix order of arguments for hlist_add_after(_rcu) 2014-08-06 18:01:24 -07:00
af_inet6.c ipv6: make fib6 serial number per namespace 2014-10-07 00:02:30 -04:00
ah6.c ipsec: Remove obsolete MAX_AH_AUTH_LEN 2014-09-18 10:54:36 +02:00
anycast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-23 12:09:27 -04:00
datagram.c sock: deduplicate errqueue dequeue 2014-09-01 21:49:08 -07:00
esp6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
exthdrs.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c ipv6: Do not warn for informational ICMP messages, regardless of type. 2014-10-07 16:33:53 -04:00
inet6_connection_sock.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
inet6_hashtables.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
ip6_checksum.c udp: Generic functions to set checksum 2014-06-04 22:46:38 -07:00
ip6_fib.c ipv6: don't walk node's leaf during serial number update 2014-10-07 00:02:30 -04:00
ip6_flowlabel.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-10-08 16:22:22 -04:00
ip6_icmp.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ip6_input.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ip6_offload.c net: Remove gso_send_check as an offload callback 2014-09-26 00:22:47 -04:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-09-23 12:09:27 -04:00
ip6_tunnel.c net: better IFF_XMIT_DST_RELEASE support 2014-10-07 13:22:11 -04:00
ip6_udp_tunnel.c udp: Need to make ip6_udp_tunnel.c have GPL license 2014-09-22 15:08:25 -04:00
ip6_vti.c net: better IFF_XMIT_DST_RELEASE support 2014-10-07 13:22:11 -04:00
ip6mr.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ipcomp6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
ipv6_sockglue.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile udp_tunnel: Only build ip6_udp_tunnel.c when IPV6 is selected 2014-09-19 22:05:28 -04:00
mcast.c ipv6: mld: answer mldv2 queries with mldv1 reports in mldv1 fallback 2014-09-22 16:23:15 -04:00
mip6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
ndisc.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
netfilter.c netfilter: Fix potential use after free in ip6_route_me_harder() 2014-05-09 02:36:39 +02:00
output_core.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ping.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
proc.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
reassembly.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-10-02 11:25:43 -07:00
sit.c net: better IFF_XMIT_DST_RELEASE support 2014-10-07 13:22:11 -04:00
syncookies.c ipv6: add a struct inet6_skb_parm param to ipv6_opt_accepted() 2014-09-28 16:35:43 -04:00
sysctl_net_ipv6.c ipv6: add sysctl_mld_qrv to configure query robustness variable 2014-09-04 22:26:14 -07:00
tcp_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2014-10-08 21:40:54 -04:00
tcpv6_offload.c net: Remove gso_send_check as an offload callback 2014-09-26 00:22:47 -04:00
tunnel6.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c fou: eliminate IPv4,v6 specific GRO functions 2014-10-03 16:53:32 -07:00
udp.c udp: Add support for doing checksum unnecessary conversion 2014-09-01 21:36:28 -07:00
udplite.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
xfrm6_input.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
xfrm6_policy.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00