2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-15 08:44:14 +08:00
linux-next/net/ipv4
Julian Anastasov ed6e4ef836 netfilter: Fix ip_route_me_harder triggering ip_rt_bug
Avoid creating input routes with ip_route_me_harder.
It does not work for locally generated packets. Instead,
restrict sockets to provide valid saddr for output route (or
unicast saddr for transparent proxy). For other traffic
allow saddr to be unicast or local but if callers forget
to check saddr type use 0 for the output route.

	The resulting handling should be:

- REJECT TCP:
	- in INPUT we can provide addr_type = RTN_LOCAL but
	better allow rejecting traffic delivered with
	local route (no IP address => use RTN_UNSPEC to
	allow also RTN_UNICAST).
	- FORWARD: RTN_UNSPEC => allow RTN_LOCAL/RTN_UNICAST
	saddr, add fix to ignore RTN_BROADCAST and RTN_MULTICAST
	- OUTPUT: RTN_UNSPEC

- NAT, mangle, ip_queue, nf_ip_reroute: RTN_UNSPEC in LOCAL_OUT

- IPVS:
	- use RTN_LOCAL in LOCAL_OUT and FORWARD after SNAT
	to restrict saddr to be local

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-06-29 05:47:32 -07:00
..
netfilter netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
af_inet.c net: rfs: enable RFS before first data packet is received 2011-06-17 15:27:31 -04:00
ah4.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
arp.c net: gre: provide multicast mappings for ipv4 and ipv6 2011-03-30 00:10:47 -07:00
cipso_ipv4.c inet: add RCU protection to inet->opt 2011-04-28 13:16:35 -07:00
datagram.c ipv4: Lock socket and use cork flow in ip4_datagram_connect(). 2011-05-08 13:48:57 -07:00
devinet.c net: fix two lockdep splats 2011-05-10 15:03:01 -07:00
esp4.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
fib_frontend.c Disable rp_filter for IPsec packets 2011-04-10 18:50:59 -07:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c ipv4: Use flowi4 in FIB layer. 2011-03-12 15:08:49 -08:00
fib_semantics.c net,rcu: convert call_rcu(fc_rport_free_rcu) to kfree_rcu() 2011-05-07 22:50:55 -07:00
fib_trie.c Add appropriate <linux/prefetch.h> include for prefetch users 2011-05-22 21:41:57 -07:00
gre.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
icmp.c ipv4: Pass explicit destination address to rt_bind_peer(). 2011-05-18 18:42:43 -04:00
igmp.c igmp: call ip_mc_clear_src() only when we have no users of ip_mc_list 2011-05-24 13:26:12 -04:00
inet_connection_sock.c seqlock: Get rid of SEQLOCK_UNLOCKED 2011-05-24 15:22:17 +02:00
inet_diag.c inet_diag: fix inet_diag_bc_audit() 2011-06-17 16:25:39 -04:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
inet_lro.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
inet_timewait_sock.c tcp: fix inet_twsk_deschedule() 2011-02-19 18:59:04 -08:00
inetpeer.c inetpeer: fix race in unused_list manipulations 2011-05-27 13:39:11 -04:00
ip_forward.c ipv4: Fix 'iph' use before set. 2011-05-12 23:03:46 -04:00
ip_fragment.c ipv4: Don't use enums as bitmasks in ip_fragment.c 2011-05-17 17:28:02 -04:00
ip_gre.c net: call dev_alloc_name from register_netdevice 2011-05-05 10:57:45 -07:00
ip_input.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ip_options.c ip_options_compile: properly handle unaligned pointer 2011-05-31 15:11:02 -07:00
ip_output.c ipv4: Fix IPsec slowpath fragmentation problem 2011-06-27 20:34:26 -07:00
ip_sockglue.c inet: add RCU protection to inet->opt 2011-04-28 13:16:35 -07:00
ipcomp.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipconfig.c ipconfig wait for carrier 2011-05-19 17:13:04 -04:00
ipip.c net: call dev_alloc_name from register_netdevice 2011-05-05 10:57:45 -07:00
ipmr.c ipv4: Pass explicit saddr/daddr args to ipmr_get_route(). 2011-05-04 12:18:54 -07:00
Kconfig ipv4: Remove fib_hash. 2011-02-01 15:35:25 -08:00
Makefile net: ipv4: add IPPROTO_ICMP socket kind 2011-05-13 16:08:13 -04:00
netfilter.c netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
ping.c ipv4, ping: Remove duplicate icmp.h include 2011-06-20 13:04:38 -07:00
proc.c tcp: Replace time wait bucket msg by counter 2010-12-08 12:16:33 -08:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
route.c ipv4: fix multicast losses 2011-06-18 11:59:18 -07:00
syncookies.c inet: add RCU protection to inet->opt 2011-04-28 13:16:35 -07:00
sysctl_net_ipv4.c net: ping: fix build failure 2011-05-17 14:16:58 -04:00
tcp_bic.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_cong.c net/ipv4: Eliminate kstrdup memory leak 2010-08-27 19:31:56 -07:00
tcp_cubic.c tcp_cubic: limit delayed_ack ratio to prevent divide error 2011-05-08 15:51:57 -07:00
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: Make undo_ssthresh arg to tcp_undo_cwr() a bool. 2011-03-22 19:37:11 -07:00
tcp_ipv4.c net: rfs: enable RFS before first data packet is received 2011-06-17 15:27:31 -04:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_minisocks.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tcp_output.c inet: Pass flowi to ->queue_xmit(). 2011-05-08 15:28:28 -07:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c tcp: Remove debug macro of TCP_CHECK_TIMER 2011-02-20 11:10:14 -08:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp.c net: Allow no-cache copy from user on transmit 2011-04-04 22:30:30 -07:00
tunnel4.c tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet 2011-06-21 22:34:27 -07:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c xfrm: Assign the inner mode output function to the dst entry 2011-05-10 15:03:34 -07:00
xfrm4_policy.c ipv4: xfrm: Eliminate ->rt_src reference in policy code. 2011-05-10 13:32:48 -07:00
xfrm4_state.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11 14:26:58 -04:00
xfrm4_tunnel.c net: struct xfrm_tunnel in read_mostly section 2010-08-30 13:50:45 -07:00