korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-13 14:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
c8a2b1f720
linux/net/netfilter
History
Ismael Luceno 740a06078a ipvs: Fix checksumming on GSO of SCTP packets 
[ Upstream commit e10d3ba4d4 ]

It was observed in the wild that pairs of consecutive packets would leave
the IPVS with the same wrong checksum, and the issue only went away when
disabling GSO.

IPVS needs to avoid computing the SCTP checksum when using GSO.

Fixes: 90017accff ("sctp: Add GSO support")
Co-developed-by: Firo Yang <firo.yang@suse.com>
Signed-off-by: Ismael Luceno <iluceno@suse.de>
Tested-by: Andreas Taschner <andreas.taschner@suse.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-05-02 16:17:12 +02:00
..
ipset netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test 2023-12-13 17:42:15 +01:00
ipvs ipvs: Fix checksumming on GSO of SCTP packets 2024-05-02 16:17:12 +02:00
core.c Remove DECnet support from kernel 2023-06-21 15:39:57 +02:00
Kconfig netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y 2022-09-05 10:26:34 +02:00
Makefile netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2019-01-22 21:40:29 +01:00
nf_conntrack_acct.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_amanda.c netfilter: use nf_conntrack_helpers_register when possible 2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_conntrack_core.c netfilter: conntrack: collect all entries in one cycle 2021-09-03 09:58:00 +02:00
nf_conntrack_ecache.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_conntrack_expect.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c netfilter: conntrack: include kmemleak.h for kmemleak_not_leak() 2018-04-17 10:59:43 +02:00
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:14 -04:00
nf_conntrack_h323_main.c netfilter: move route indirection to struct nf_ipv6_ops 2018-01-08 18:01:26 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-08-11 11:45:17 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-28 11:02:55 +02:00
nf_conntrack_labels.c netfilter: conntrack: mark extension structs as const 2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_netlink.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build 2020-06-03 08:19:49 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_gre.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_sctp.c netfilter: set default timeout to 3 secs for sctp shutdown send and recv state 2023-08-30 16:31:50 +02:00
nf_conntrack_proto_tcp.c netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state 2023-02-06 07:49:40 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-05-16 19:41:24 +02:00
nf_conntrack_sane.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2019-01-13 09:50:57 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-08-11 11:45:07 +02:00
nf_conntrack_snmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-03-30 11:41:18 -04:00
nf_conntrack_standalone.c netfilter: conntrack: Make global sysctls readonly in non-init netns 2021-05-22 10:59:47 +02:00
nf_conntrack_tftp.c netfilter: add __exit mark to helper modules 2018-04-24 10:29:14 +02:00
nf_conntrack_timeout.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-30 10:38:24 +01:00
nf_flow_table_core.c netfilter: flowtable: fix tcp and udp header checksum update 2021-02-23 15:00:57 +01:00
nf_flow_table_inet.c netfilter: nf_flow_table: move init code to nf_flow_table_core.c 2018-04-24 10:28:45 +02:00
nf_flow_table_ip.c netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} 2020-04-02 15:28:19 +02:00
nf_internals.h netfilter: core: export raw versions of add/delete hook functions 2018-05-23 09:14:05 +02:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:55:15 +01:00
nf_log_netdev.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-23 08:12:52 +01:00
nf_nat_amanda.c netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean 2017-04-06 22:01:38 +02:00
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:22:38 +01:00
nf_nat_ftp.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_helper.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_irc.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
nf_nat_proto_common.c netfilter: nat: limit port clash resolution attempts 2022-02-08 18:23:11 +01:00
nf_nat_proto_dccp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_sctp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_tcp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_udp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_unknown.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.c netfilter: nat: merge nf_nat_redirect into nf_nat 2018-05-29 00:25:40 +02:00
nf_nat_sip.c netfilter: nf_nat_sip: fix RTP/RTCP source port translations 2019-12-05 09:20:31 +01:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: fix socket leak 2023-08-30 16:31:56 +02:00
nf_sockopt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_synproxy_core.c netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-30 08:48:17 -04:00
nf_tables_api.c netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() 2024-05-02 16:17:09 +02:00
nf_tables_core.c netfilter: nf_tables: initialize registers in nft_do_chain() 2022-03-28 08:41:44 +02:00
nf_tables_set_core.c netfilter: nf_tables: place all set backends in one single module 2018-07-06 19:31:53 +02:00
nf_tables_trace.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_acct.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cthelper.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cttimeout.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: silence bogus compiler warning 2023-11-08 11:22:20 +01:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-23 10:48:14 +02:00
nfnetlink_queue.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-21 15:39:58 +02:00
nft_bitwise.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:12:58 +01:00
nft_chain_filter.c netfilter: nf_tables: use net_generic infra for transaction data 2023-08-11 11:45:16 +02:00
nft_cmp.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_compat.c netfilter: nft_compat: restrict match/target protocol to u16 2024-02-23 08:12:54 +01:00
nft_connlimit.c netfilter: nft_connlimit: disable bh on garbage collection 2019-10-29 09:19:34 +01:00
nft_counter.c netfilter: nf_tables: add destroy_clone expression 2018-06-03 00:02:11 +02:00
nft_ct.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_dup_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_dynset.c netfilter: nft_dynset: disallow object maps 2023-08-30 16:31:48 +02:00
nft_exthdr.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_fib_inet.c
nft_fib_netdev.c netfilter: nf_tables: add fib expression to the netdev family 2017-07-31 19:01:40 +02:00
nft_fib.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_flow_offload.c netfilter: nft_flow_offload: fix underflow in flowtable reference counter 2023-09-23 10:47:59 +02:00
nft_fwd_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_hash.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_immediate.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_limit.c netfilter: nft_limit: avoid possible divide error in nft_limit_init 2021-04-28 13:16:50 +02:00
nft_log.c netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it 2018-06-07 16:14:00 -04:00
nft_lookup.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_masq.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_meta.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_nat.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_numgen.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-08-16 18:13:01 +02:00
nft_osf.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 11:16:43 +02:00
nft_queue.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_quota.c netfilter: nf_tables: add select_ops for stateful objects 2017-09-04 13:25:09 +02:00
nft_range.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_redir.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_reject_inet.c
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2019-11-20 18:46:50 +01:00
nft_rt.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_set_bitmap.c netfilter: nft_set: fix allocation size overflow in privsize callback. 2018-08-16 19:36:59 +02:00
nft_set_hash.c netfilter: nft_dynset: restore set element counter when failing to update 2022-07-07 17:35:10 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: .deactivate fails if element has expired 2023-10-25 11:16:49 +02:00
nft_socket.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_tproxy.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_tunnel.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
utils.c netfilter: utils: move nf_ip6_checksum* from ipv6 to utils 2018-07-16 17:51:48 +02:00
x_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:49:31 +02:00
xt_addrtype.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_AUDIT.c audit: eliminate audit_enabled magic number comparison 2018-06-19 10:43:55 -04:00
xt_bpf.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2019-04-20 09:16:00 +02:00
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlabel.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c netfilter: xt_connmark: fix list corruption on rmmod 2018-06-12 19:35:52 +02:00
xt_CONNSECMARK.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_conntrack.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_cpu.c
xt_CT.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_DSCP.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_ecn.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: limit the max size of hashtable 2020-02-28 16:39:00 +01:00
xt_helper.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_hl.c
xt_HL.c netfilter: x_tables: remove pr_info where possible 2018-02-14 21:05:33 +01:00
xt_HMARK.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2018-11-27 16:13:03 +01:00
xt_ipcomp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_iprange.c
xt_ipvs.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_l2tp.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2018-02-14 21:05:39 +01:00
xt_length.c
xt_limit.c netfilter: xt_limit: Spelling s/maxmum/maximum/ 2018-03-05 23:15:50 +01:00
xt_LOG.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix DNAT target for shifted portmap ranges 2018-11-13 11:08:20 -08:00
xt_NETMAP.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_nfacct.c netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info 2019-09-21 07:16:55 +02:00
xt_NFLOG.c netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: use pr ratelimiting 2018-02-14 21:05:35 +01:00
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-28 10:15:30 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 17:42:17 +01:00
xt_physdev.c netfilter: xt_physdev: Fix spurious error message in physdev_mt_check 2019-09-21 07:17:01 +02:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: use pr ratelimiting in matches/targets 2018-02-14 21:05:37 +01:00
xt_quota.c
xt_rateest.c netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2021-01-12 20:10:24 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 10:29:21 +01:00
xt_REDIRECT.c netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
xt_repldata.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-23 10:48:09 +02:00
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-22 10:59:43 +02:00
xt_set.c netfilter: ipset: Limit max timeout value 2018-06-06 14:00:54 +02:00
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_statistic.c netfilter: x_tables: fix pointer leaks to userspace 2018-01-31 14:59:24 +01:00
xt_string.c netfilter: ebtables: Add string filter 2018-03-30 11:04:12 +02:00
xt_tcpmss.c
xt_TCPMSS.c netfilter: x_tables: use pr ratelimiting in all remaining spots 2018-02-14 21:05:38 +01:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
xt_time.c netfilter: Replace printk() with pr_*() and define pr_fmt() 2018-03-20 13:44:14 +01:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-23 10:48:09 +02:00