Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 17:41:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
117ca1f892
linux/net/ipv4/netfilter
History
Pablo Neira Ayuso 117ca1f892 netfilter: nft_reject_inet: allow to use reject from inet ingress 
Enhance validation to support for reject from inet ingress chains.

Note that, reject from inet ingress and netdev ingress differ.

Reject packets from inet ingress are sent through ip_local_out() since
inet reject emulates the IP layer receive path. So the reject packet
follows to classic IP output and postrouting paths.

The reject action from netdev ingress assumes the packet not yet entered
the IP layer, so the reject packet is sent through dev_queue_xmit().
Therefore, reject packets from netdev ingress do not follow the classic
IP output and postrouting paths.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-11-01 12:52:17 +01:00
..
arp_tables.c net: remove sockptr_advance 2020-07-28 13:43:40 -07:00
arpt_mangle.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
arptable_filter.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
ip_tables.c net: remove sockptr_advance 2020-07-28 13:43:40 -07:00
ipt_ah.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipt_CLUSTERIP.c Replace HTTP links with HTTPS ones: IPv* 2020-07-06 13:23:03 -07:00
ipt_ECN.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
ipt_REJECT.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ipt_rpfilter.c netfilter: Fix rpfilter dropping vrf packets by mistake 2019-07-16 13:16:47 +02:00
ipt_SYNPROXY.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
iptable_filter.c netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
iptable_mangle.c netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
iptable_nat.c netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
iptable_raw.c netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
iptable_security.c netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c. 2020-06-25 00:50:31 +02:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile netfilter: fix coding-style errors. 2019-09-13 11:39:38 +02:00
nf_defrag_ipv4.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
nf_dup_ipv4.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
nf_flow_table_ipv4.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_log_arp.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_log_ipv4.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_nat_h323.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_pptp.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
nf_nat_snmp_basic_main.c netfilter: ipv4: prefer skb_ensure_writable 2019-05-31 18:02:46 +02:00
nf_nat_snmp_basic.asn1 netfilter: nf_nat_snmp_basic: use asn1 decoder library 2018-01-19 13:59:07 +01:00
nf_reject_ipv4.c netfilter: nft_reject_inet: allow to use reject from inet ingress 2020-11-01 12:52:17 +01:00
nf_socket_ipv4.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_tproxy_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-22 08:59:24 -04:00
nft_dup_ipv4.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_fib_ipv4.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_reject_ipv4.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00