leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
71212c9b04
linux/net/ipv6/netfilter
History
Pablo Neira Ayuso 71212c9b04 netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport 
This is overly conservative and not flexible at all, so better let them
go through and let the filtering policy decide what to do with them. We
use skb_header_pointer() all over the place so we would just fail to
match when trying to access fields from malformed traffic.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-09-12 18:52:32 +02:00
..
ip6_tables.c netfilter: x_tables: speed up jump target validation 2016-07-18 21:35:23 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_mh.c
ip6t_NPT.c
ip6t_REJECT.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rpfilter.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rt.c
ip6t_SYNPROXY.c netfilter: ip6t_SYNPROXY: unnecessary to check whether ip6_route_output returns NULL 2016-04-25 15:34:30 +02:00
ip6table_filter.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_mangle.c netfilter: x_tables: simplify ip{6}table_mangle_hook() 2016-07-01 16:37:02 +02:00
ip6table_nat.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_raw.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
ip6table_security.c netfilter: xtables: don't hook tables by default 2016-03-02 20:05:24 +01:00
Kconfig netfilter: nf_dup: add missing dependencies with NF_CONNTRACK 2015-12-10 18:17:06 +01:00
Makefile netfilter: nf_tables: add nft_dup expression 2015-08-07 11:49:49 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: remove hook owner refcounting 2015-10-16 18:21:39 +02:00
nf_conntrack_proto_icmpv6.c netfilter: ipv6: whitespace around operators 2015-10-13 14:12:38 +02:00
nf_conntrack_reasm.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-12-14 20:31:16 +01:00
nf_defrag_ipv6_hooks.c netfilter: ipv6: avoid nf_iterate recursion 2015-11-23 17:54:45 +01:00
nf_dup_ipv6.c netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags 2016-05-30 12:21:23 +02:00
nf_log_ipv6.c netfilter: log: Check param to avoid overflow in nf_log_set 2016-08-30 11:52:32 +02:00
nf_nat_l3proto_ipv6.c netfilter: Allow calling into nat helper without skb_dst. 2016-03-14 23:47:27 +01:00
nf_nat_masquerade_ipv6.c netfilter: conntrack: resched in nf_ct_iterate_cleanup 2016-02-01 00:15:26 +01:00
nf_nat_proto_icmpv6.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_reject_ipv6.c netfilter: ipv6: unnecessary to check whether ip6_route_output() returns NULL 2016-04-07 18:53:08 +02:00
nf_tables_ipv6.c netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport 2016-09-12 18:52:32 +02:00
nft_chain_nat_ipv6.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nft_chain_route_ipv6.c netfilter: nf_tables: don't drop IPv6 packets that cannot parse transport 2016-09-12 18:52:32 +02:00
nft_dup_ipv6.c netfilter: Pass net to nf_dup_ipv4 and nf_dup_ipv6 2015-09-18 21:59:11 +02:00
nft_masq_ipv6.c netfilter: nft_masq: support port range 2016-03-02 20:05:27 +01:00
nft_redir_ipv6.c netfilter: nf_tables: kill nft_pktinfo.ops 2015-09-18 21:58:01 +02:00
nft_reject_ipv6.c netfilter: nf_tables: Use pkt->net instead of computing net from the passed net_devices 2015-09-18 21:58:49 +02:00