linux/net/ipv6
Jiri Pirko 6aafeef03b netfilter: push reasm skb through instead of original frag skbs
Pushing original fragments through causes several problems. For example
for matching, frags may not be matched correctly. Take following
example:

<example>
On HOSTA do:
ip6tables -I INPUT -p icmpv6 -j DROP
ip6tables -I INPUT -p icmpv6 -m icmp6 --icmpv6-type 128 -j ACCEPT

and on HOSTB you do:
ping6 HOSTA -s2000    (MTU is 1500)

Incoming echo requests will be filtered out on HOSTA. This issue does
not occur with smaller packets than MTU (where fragmentation does not happen)
</example>

As was discussed previously, the only correct solution seems to be to use
reassembled skb instead of separete frags. Doing this has positive side
effects in reducing sk_buff by one pointer (nfct_reasm) and also the reams
dances in ipvs and conntrack can be removed.

Future plan is to remove net/ipv6/netfilter/nf_conntrack_reasm.c
entirely and use code in net/ipv6/reassembly.c instead.

Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-11-11 00:19:35 -05:00
..
netfilter netfilter: push reasm skb through instead of original frag skbs 2013-11-11 00:19:35 -05:00
addrconf_core.c ipv6: move in6_dev_finish_destroy() into core kernel 2013-08-31 22:30:00 -04:00
addrconf.c ipv6: Remove privacy config option. 2013-10-28 20:07:50 -04:00
addrlabel.c ipv6: fix null pointer dereference in __ip6addrlbl_add 2013-09-04 14:14:53 -04:00
af_inet6.c tcp_memcontrol: Remove the per netns control. 2013-10-21 18:43:02 -04:00
ah6.c ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH 2013-09-16 09:45:32 +02:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
esp6.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-11-02 02:13:48 -04:00
exthdrs_core.c ipv6: Correct comparisons and calculations using skb->tail and skb-transport_header 2013-05-28 23:49:07 -07:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c fib6_rules: fix indentation 2013-09-11 16:16:29 -04:00
icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
inet6_connection_sock.c inet: rename ir_loc_port to ir_num 2013-10-10 14:37:35 -04:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c ipv6: compare sernum when walking fib for /proc/net/ipv6_route as safety net 2013-09-27 17:32:17 -04:00
ip6_flowlabel.c ipv6: protect flow label renew against GC 2013-11-08 13:44:15 -05:00
ip6_gre.c ipv6: Initialize ip6_tnl.hlen in gre tunnel even if no route is found 2013-10-11 17:50:59 -04:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
ip6_offload.c ipv6: sit: add GSO/TSO support 2013-10-21 18:49:39 -04:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ip6_output: fragment outgoing reassembled skb properly 2013-11-11 00:19:35 -05:00
ip6_tunnel.c ipv6: Allow the MTU of ipip6 tunnel to be set below 1280 2013-10-07 12:32:26 -04:00
ip6_vti.c ipv6: Add support for IPsec virtual tunnel interfaces 2013-10-10 12:00:01 +02:00
ip6mr.c tunnels: harmonize cleanup done on skb on rx path 2013-09-04 00:27:26 -04:00
ipcomp6.c ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH 2013-09-16 09:45:32 +02:00
ipv6_sockglue.c ipv6: enable IPV6_FLOWLABEL_MGR for getsockopt 2013-11-08 13:42:57 -05:00
Kconfig ipv6: Remove privacy config option. 2013-10-28 20:07:50 -04:00
Makefile ipv6: Add support for IPsec virtual tunnel interfaces 2013-10-10 12:00:01 +02:00
mcast.c ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put 2013-09-30 22:28:58 -07:00
mip6.c ipv6: Correct comparisons and calculations using skb->tail and skb-transport_header 2013-05-28 23:49:07 -07:00
ndisc.c ipv6: don't call fib6_run_gc() until routing is ready 2013-09-11 17:04:09 -04:00
netfilter.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
output_core.c ipv6: move ip6_local_out into core kernel 2013-08-31 22:30:00 -04:00
ping.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
proc.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv 2013-11-08 15:16:04 -05:00
sit.c ipv6: sit: add GSO/TSO support 2013-10-21 18:49:39 -04:00
syncookies.c inet: split syncookie keys for ipv4 and ipv6 and initialize with net_get_random_once 2013-10-19 19:45:35 -04:00
sysctl_net_ipv6.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
tcp_ipv6.c tcp_memcontrol: Remove the per netns control. 2013-10-21 18:43:02 -04:00
tcpv6_offload.c tcp: rename tcp_tso_segment() 2013-10-18 13:38:39 -04:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipv6: fix headroom calculation in udp6_ufo_fragment 2013-11-05 22:09:53 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-23 16:49:34 -04:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: Add a receive path hook for vti6 in xfrm6_mode_tunnel. 2013-10-09 13:16:36 +02:00
xfrm6_output.c xfrm: revert ipv4 mtu determination to dst_mtu 2013-08-26 12:40:53 +02:00
xfrm6_policy.c xfrm: Fix null pointer dereference when decoding sessions 2013-11-01 07:08:46 +01:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00