2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-24 13:13:57 +08:00
linux-next/net
Pablo Neira Ayuso 590b52e10d netfilter: conntrack: skip clash resolution if nat is in place
The clash resolution is not easy to apply if the NAT table is
registered. Even if no NAT rules are installed, the nul-binding ensures
that a unique tuple is used, thus, the packet that loses race gets a
different source port number, as described by:

http://marc.info/?l=netfilter-devel&m=146818011604484&w=2

Clash resolution with NAT is also problematic if addresses/port range
ports are used since the conntrack that wins race may describe a
different mangling that we may have earlier applied to the packet via
nf_nat_setup_info().

Fixes: 71d8c47fc6 ("netfilter: conntrack: introduce clash resolution on insertion race")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
2016-07-12 16:28:41 +02:00
..
6lowpan 6lowpan: move mac802154 header 2016-04-13 10:41:10 +02:00
9p remove lots of IS_ERR_VALUE abuses 2016-05-27 15:26:11 -07:00
802
8021q vlan: Propagate MAC address to VLANs 2016-05-31 11:56:48 -07:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm net/atm: sk_err_soft must be positive 2016-05-23 13:51:10 -07:00
ax25 AX.25: Close socket connection on session completion 2016-06-18 20:55:34 -07:00
batman-adv batman-adv: initialize ELP orig address on secondary interfaces 2016-05-18 11:49:44 +08:00
bluetooth Bluetooth: fix power_on vs close race 2016-05-13 16:50:23 +02:00
bridge bridge: Fix incorrect re-injection of STP packets 2016-06-10 22:41:58 -07:00
caif net: caif: fix misleading indentation 2016-03-14 13:09:50 -04:00
can sock: enable timestamping using control messages 2016-04-04 15:50:30 -04:00
ceph libceph: use %s instead of %pE in dout()s 2016-05-30 23:00:23 +02:00
core bpf: fix matching of data/data_end in verifier 2016-06-15 23:37:54 -07:00
dcb
dccp dccp: do not assume DCCP code is non preemptible 2016-05-02 17:02:25 -04:00
decnet decnet: Do not build routes to devices without decnet private data. 2016-04-10 23:01:30 -04:00
dns_resolver KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
dsa dsa: Rename switch chip data to cd 2016-05-11 19:36:28 -04:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr net/hsr: Use setup_timer and mod_timer. 2016-05-16 14:00:43 -04:00
ieee802154 ieee802154: fix logic error in ieee802154_llsec_parse_dev_addr 2016-05-29 22:36:25 -07:00
ipv4 gre: fix error handler 2016-06-15 22:15:21 -07:00
ipv6 sit: correct IP protocol used in ipip6_err 2016-06-16 17:10:30 -07:00
ipx
irda TTY and Serial driver update for 4.7-rc1 2016-05-20 20:57:27 -07:00
iucv
kcm kcm: fix /proc memory leak 2016-06-22 16:32:23 -04:00
key
l2tp l2tp: fix configuration passed to setup_udp_tunnel_sock() 2016-06-08 11:11:53 -07:00
l3mdev net: l3mdev: Allow send on enslaved interface 2016-05-09 22:33:52 -04:00
lapb net/lapb: tuse %*ph to dump buffers 2016-05-29 22:33:25 -07:00
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
mac80211 mac80211: fix fast_tx header alignment 2016-05-31 12:14:04 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls gso: Remove arbitrary checks for unsupported GSO 2016-05-20 18:03:15 -04:00
netfilter netfilter: conntrack: skip clash resolution if nat is in place 2016-07-12 16:28:41 +02:00
netlabel netlabel: fix a problem with netlbl_secattr_catmap_setrng() 2016-04-05 16:10:47 -04:00
netlink netlink: Fix dump skb leak/double free 2016-05-16 22:05:15 -04:00
netrom
nfc nfc: nci: Add nci_nfcc_loopback to the nci core 2016-05-04 01:48:16 +02:00
openvswitch openvswitch: update checksum in {push,pop}_mpls 2016-05-31 13:51:42 -07:00
packet packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
phonet sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
qrtr Merge tag 'qcom-soc-for-4.7-2' into net-next 2016-05-17 14:11:19 -04:00
rds net: rds: fix coding style issues 2016-06-18 21:34:09 -07:00
rfkill rfkill: Use switch to demux userspace operations 2016-04-05 10:48:53 +02:00
rose
rxrpc rxrpc: fix ptr_ret.cocci warnings 2016-06-07 15:30:21 -07:00
sched htb: call qdisc_root with rcu read lock held 2016-06-15 14:42:46 -07:00
sctp net: diag: add missing declarations 2016-06-10 23:22:55 -07:00
sunrpc NFS client updates for Linux 4.7 2016-05-26 10:33:33 -07:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-05-17 13:58:49 -04:00
tipc tipc: unclone unbundled buffers before forwarding 2016-06-22 16:33:35 -04:00
unix constify security_path_{mkdir,mknod,symlink} 2016-03-28 00:47:27 -04:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
wimax
wireless wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel 2016-06-09 09:56:11 +02:00
x25 net: fix a kernel infoleak in x25 module 2016-05-09 22:45:33 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
compat.c packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
Kconfig bpf: add generic constant blinding for use in jits 2016-05-16 13:49:32 -04:00
Makefile net: Add Qualcomm IPC router 2016-05-08 23:46:14 -04:00
socket.c fs: poll/select/recvmmsg: use timespec64 for timeout events 2016-05-19 19:12:14 -07:00
sysctl_net.c