Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-27 02:13:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
18e1db67e9
linux/include/net/netfilter
History
Bernhard Thaler 18e1db67e9 netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n 
230ac490f7 introduced a dependency to CONFIG_IPV6 which breaks bridging
of IPv6 packets on a bridge with CONFIG_IPV6=n.

Sysctl entry /proc/sys/net/bridge/bridge-nf-call-ip6tables defaults to 1,
for this reason packets are handled by br_nf_pre_routing_ipv6(). When compiled
with CONFIG_IPV6=n this function returns NF_DROP but should return NF_ACCEPT
to let packets through.

Change CONFIG_IPV6=n br_nf_pre_routing_ipv6() return value to NF_ACCEPT.

Tested with a simple bridge with two interfaces and IPv6 packets trying
to pass from host on left side to host on right side of the bridge.

Fixes: 230ac490f7 ("netfilter: bridge: split ipv6 code into separated file")
Signed-off-by: Bernhard Thaler <bernhard.thaler@wvnet.at>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-19 21:21:41 +02:00
..
ipv4 netfilter: fix sparse warnings in reject handling 2015-03-10 15:01:32 +01:00
ipv6 netfilter: fix sparse warnings in reject handling 2015-03-10 15:01:32 +01:00
br_netfilter.h netfilter: bridge: fix IPv6 packets not being bridged with CONFIG_IPV6=n 2015-08-19 21:21:41 +02:00
nf_conntrack_acct.h netfilter: introduce nf_conn_acct structure 2013-11-03 21:48:49 +01:00
nf_conntrack_core.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_ecache.h netfilter: conntrack: remove timer from ecache extension 2014-06-25 19:15:38 +02:00
nf_conntrack_expect.h
nf_conntrack_extend.h netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len 2014-04-03 23:52:31 +02:00
nf_conntrack_helper.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_l3proto.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_l4proto.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_labels.h netfilter: nft_ct: labels get support 2014-02-19 11:41:25 +01:00
nf_conntrack_seqadj.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_synproxy.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-01 17:06:14 -04:00
nf_conntrack_timeout.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_timestamp.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_conntrack.h netfilter: fix netns dependencies with conntrack templates 2015-07-20 14:58:19 +02:00
nf_log.h netfilter: restore rule tracing via nfnetlink_log 2015-03-19 11:14:48 +01:00
nf_nat_core.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_helper.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_l3proto.h netfilter: Pass nf_hook_state through nf_nat_ipv6_{in,out,fn,local_fn}(). 2015-04-04 12:48:08 -04:00
nf_nat_l4proto.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_redirect.h netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_nat.h netfilter: fix compilation of masquerading without IP_NF_TARGET_MASQUERADE 2014-09-11 17:02:45 +02:00
nf_queue.h netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook 2015-06-23 06:23:23 -07:00
nf_tables_bridge.h netfilter: nf_tables_bridge: export nft_reject_ip*hdr_validate functions 2014-11-27 12:58:05 +01:00
nf_tables_core.h netfilter: nf_tables: add support for dynamic set updates 2015-04-08 16:58:27 +02:00
nf_tables_ipv4.h netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables_ipv6.h netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables.h netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg() 2015-08-19 21:21:41 +02:00
nfnetlink_log.h
nfnetlink_queue.h
nft_masq.h netfilter: nf_tables: restrict nat/masq expressions to nat chain type 2014-10-13 20:42:00 +02:00
nft_meta.h netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir.h netfilter: nf_tables: add new expression nft_redir 2014-10-27 22:49:39 +01:00
nft_reject.h netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
xt_rateest.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00