leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a0ecb85a2c
linux/net/ipv4/netfilter
History
Jozsef Kadlecsik a0ecb85a2c netfilter: nf_nat: Handle routing changes in MASQUERADE target 
When the route changes (backup default route, VPNs) which affect a
masqueraded target, the packets were sent out with the outdated source
address. The patch addresses the issue by comparing the outgoing interface
directly with the masqueraded interface in the nat table.

Events are inefficient in this case, because it'd require adding route
events to the network core and then scanning the whole conntrack table
and re-checking the route for all entry.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-12-03 15:14:20 +01:00
..
arp_tables.c net: Allow userns root to control ipv4 2012-11-18 20:32:45 -05:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_tables.c net: Allow userns root to control ipv4 2012-11-18 20:32:45 -05:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: ip6tables: add MASQUERADE target 2012-08-30 03:00:18 +02:00
ipt_REJECT.c netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
ipt_rpfilter.c net: Loopback ifindex is constant now 2012-08-09 16:18:07 -07:00
ipt_ULOG.c netlink: hide struct module parameter in netlink_kernel_create 2012-09-08 18:46:30 -04:00
iptable_filter.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_mangle.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_nat.c netfilter: nf_nat: Handle routing changes in MASQUERADE target 2012-12-03 15:14:20 +01:00
iptable_raw.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_security.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
Kconfig netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
Makefile netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
nf_conntrack_l3proto_ipv4_compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
nf_conntrack_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_defrag_ipv4.c netfilter: ipv4, defrag: switch hook PFs to nfproto 2012-06-07 14:58:42 +02:00
nf_nat_h323.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_pptp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_gre.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_icmp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_snmp_basic.c net: Remove casts to same type 2012-06-04 11:45:11 -04:00