leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
902d6a4c2a
linux/net/ipv6
History
Subash Abhinov Kasiviswanathan 902d6a4c2a netfilter: nf_defrag: Skip defrag if NOTRACK is set 
conntrack defrag is needed only if some module like CONNTRACK or NAT
explicitly requests it. For plain forwarding scenarios, defrag is
not needed and can be skipped if NOTRACK is set in a rule.

Since conntrack defrag is currently higher priority than raw table,
setting NOTRACK is not sufficient. We need to move raw to a higher
priority for iptables only.

This is achieved by introducing a module parameter "raw_before_defrag"
which allows to change the priority of raw table to place it before
defrag. By default, the parameter is disabled and the priority of raw
table is NF_IP_PRI_RAW to support legacy behavior. If the module
parameter is enabled, then the priority of the raw table is set to
NF_IP_PRI_RAW_BEFORE_DEFRAG.

Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-01-11 13:14:20 +01:00
..
ila rhashtable: Change rhashtable_walk_start to return void 2017-12-11 09:58:38 -05:00
netfilter netfilter: nf_defrag: Skip defrag if NOTRACK is set 2018-01-11 13:14:20 +01:00
addrconf_core.c net: ipv6: Make inet6addr_validator a blocking notifier 2017-10-20 13:15:07 +01:00
addrconf.c ipv6: Set nexthop flags upon carrier change 2018-01-07 21:29:40 -05:00
addrlabel.c rtnetlink: ipv6: convert remaining users to rtnl_register_module 2017-12-04 13:35:36 -05:00
af_inet6.c net: reevalulate autoflowlabel setting after sysctl setting 2017-12-21 13:07:20 -05:00
ah6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
anycast.c net, ipv6: convert ifacaddr6.aca_refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
calipso.c net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
datagram.c net: ipv6: Allow connect to linklocal address from socket bound to vrf 2018-01-08 14:11:18 -05:00
esp6_offload.c xfrm: Separate ESP handling from segmentation for GRO packets. 2017-12-20 10:41:31 +01:00
esp6.c esp: Don't require synchronous crypto fallback on offloading anymore. 2017-12-20 10:41:53 +01:00
exthdrs_core.c net: ipv6: remove unused code in ipv6_find_hdr() 2017-10-05 21:53:02 -07:00
exthdrs_offload.c
exthdrs.c ipv6: Implement limits on Hop-by-Hop and Destination options 2017-11-03 09:50:22 +09:00
fib6_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib6_rules.c net: ipv6: avoid overhead when no custom FIB rules are installed 2017-08-08 21:40:08 -07:00
fou6.c fou: make local function static 2017-05-21 13:42:36 -04:00
icmp.c ipv6: mark expected switch fall-throughs 2017-10-18 14:13:08 +01:00
inet6_connection_sock.c
inet6_hashtables.c inet: Add a 2nd listener hashtable (port+addr) 2017-12-03 10:18:28 -05:00
ip6_checksum.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip6_fib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-09 10:37:00 -05:00
ip6_flowlabel.c treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-29 15:42:26 -05:00
ip6_icmp.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip6_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-20 10:35:33 -04:00
ip6_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
ip6_offload.h
ip6_output.c netfilter: flow table support for IPv6 2018-01-08 18:11:08 +01:00
ip6_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-09 10:37:00 -05:00
ip6_udp_tunnel.c
ip6_vti.c ip6_vti: adjust vti mtu according to mtu of lower device 2017-12-20 11:52:32 -05:00
ip6mr.c rtnetlink: ipv6: convert remaining users to rtnl_register_module 2017-12-04 13:35:36 -05:00
ipcomp6.c
ipv6_sockglue.c net: reevalulate autoflowlabel setting after sysctl setting 2017-12-21 13:07:20 -05:00
Kconfig ipv6: sr: add helper functions for seg6local 2017-08-25 17:10:24 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mcast_snoop.c
mcast.c ipv6: mcast: better catch silly mtu values 2017-12-13 13:13:15 -05:00
mip6.c
ndisc.c net: ipv6: sysctl to specify IPv6 ND traffic class 2017-11-11 15:13:02 +09:00
netfilter.c netfilter: remove struct nf_afinfo and its helper functions 2018-01-08 18:11:02 +01:00
output_core.c net: accept UFO datagrams from tuntap and packet 2017-11-24 01:37:35 +09:00
ping.c net/ipv6: Convert icmpv6_push_pending_frames to void 2017-10-06 09:52:31 -07:00
proc.c proc: snmp6: Use correct type in memset 2017-06-12 09:53:14 -04:00
protocol.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
raw.c ipv6: mark expected switch fall-throughs 2017-10-18 14:13:08 +01:00
reassembly.c inet: frags: Convert timers to use timer_setup() 2017-10-18 12:39:55 +01:00
route.c ipv6: Flush multipath routes when all siblings are dead 2018-01-07 21:29:41 -05:00
seg6_hmac.c ipv6: sr: Use ARRAY_SIZE macro 2017-09-01 18:35:23 -07:00
seg6_iptunnel.c ipv6: sr: add support for encapsulation of L2 frames 2017-08-25 17:10:23 -07:00
seg6_local.c ipv6: use ARRAY_SIZE for array sizing calculation on array seg6_action_table 2018-01-09 11:40:46 -05:00
seg6.c rhashtable: Change rhashtable_walk_start to return void 2017-12-11 09:58:38 -05:00
sit.c sit: update frag_off info 2017-11-30 10:25:41 -05:00
syncookies.c tcp: Namespace-ify sysctl_tcp_workaround_signed_windows 2017-10-28 19:24:38 +09:00
sysctl_net_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
tcp_ipv6.c net: ipv6: Allow connect to linklocal address from socket bound to vrf 2018-01-08 14:11:18 -05:00
tcpv6_offload.c
tunnel6.c
udp_impl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp_offload.c net: accept UFO datagrams from tuntap and packet 2017-11-24 01:37:35 +09:00
udp.c udp: Move udp[46]_portaddr_hash() to net/ip[v6].h 2017-12-03 10:18:28 -05:00
udplite.c
xfrm6_input.c xfrm: Reinject transport-mode packets through tasklet 2017-12-19 08:23:21 +01:00
xfrm6_mode_beet.c networking: make skb_pull & friends return void pointers 2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_transport.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_tunnel.c xfrm: Separate ESP handling from segmentation for GRO packets. 2017-12-20 10:41:31 +01:00
xfrm6_output.c xfrm: Add an IPsec hardware offloading API 2017-04-14 10:06:10 +02:00
xfrm6_policy.c net: Create and use new helper xfrm_dst_child(). 2017-11-30 09:54:25 -05:00
xfrm6_protocol.c
xfrm6_state.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm6_tunnel.c xfrm6_tunnel: exit_net cleanup check added 2017-11-14 15:46:17 +09:00