leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a0ecb85a2c
linux/net/ipv6
History
Jozsef Kadlecsik a0ecb85a2c netfilter: nf_nat: Handle routing changes in MASQUERADE target 
When the route changes (backup default route, VPNs) which affect a
masqueraded target, the packets were sent out with the outdated source
address. The patch addresses the issue by comparing the outgoing interface
directly with the masqueraded interface in the nat table.

Events are inefficient in this case, because it'd require adding route
events to the network core and then scanning the whole conntrack table
and re-checking the route for all entry.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-12-03 15:14:20 +01:00
..
netfilter netfilter: nf_nat: Handle routing changes in MASQUERADE target 2012-12-03 15:14:20 +01:00
addrconf_core.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
addrconf.c ipv6: unify logic evaluating inet6_dev's accept_ra property 2012-12-01 11:36:37 -05:00
addrlabel.c net: Enable a userns root rtnl calls that are safe for unprivilged users 2012-11-18 20:33:36 -05:00
af_inet6.c net: Make CAP_NET_BIND_SERVICE per user namespace 2012-11-18 20:33:37 -05:00
ah6.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
anycast.c net: Allow userns root to control ipv6 2012-11-18 20:32:45 -05:00
datagram.c net: Allow userns root to control ipv6 2012-11-18 20:32:45 -05:00
esp6.c net: ipv6: fix error return code 2012-08-31 16:27:48 -04:00
exthdrs_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
fib6_rules.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
icmp.c net: Enable some sysctls that are safe for the userns root 2012-11-18 20:33:00 -05:00
inet6_connection_sock.c ipv6: fix inet6_csk_update_pmtu() return value 2012-11-20 15:16:15 -05:00
inet6_hashtables.c net: move inet_dport/inet_num in sock_common 2012-11-30 15:02:56 -05:00
ip6_fib.c ipv6: add support of equal cost multipath (ECMP) 2012-10-23 02:38:32 -04:00
ip6_flowlabel.c net: Allow userns root to control ipv6 2012-11-18 20:32:45 -05:00
ip6_gre.c net: Allow userns root to control ipv6 2012-11-18 20:32:45 -05:00
ip6_input.c net: TCP early demux cleanup 2012-07-30 14:53:21 -07:00
ip6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
ip6_tunnel.c ip6tnl/sit: drop packet if ECN present with not-ECT 2012-11-28 11:37:11 -05:00
ip6mr.c ip6mr: Add sizeof verification to MRT6_ASSERT and MT6_PIM 2012-11-26 17:35:58 -05:00
ipcomp6.c ipv6: Add redirect support to all protocol icmp error handlers. 2012-07-12 00:25:15 -07:00
ipv6_sockglue.c net: Allow userns root to control ipv6 2012-11-18 20:32:45 -05:00
Kconfig gre: Support GRE over IPv6 2012-08-14 14:28:32 -07:00
Makefile ipv6: Preserve ipv6 functionality needed by NET 2012-11-18 02:34:00 -05:00
mcast.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-09-25 16:04:44 -04:00
ndisc.c ipv6: unify logic evaluating inet6_dev's accept_ra property 2012-12-01 11:36:37 -05:00
netfilter.c netfilter: ipv6: expand skb head in ip6_route_me_harder after oif change 2012-08-30 03:00:15 +02:00
output_core.c ipv6: Update ipv6 static library with newly needed functions 2012-11-15 17:39:23 -05:00
proc.c net: ipv6: proc: Fix error handling 2012-08-14 14:45:07 -07:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
reassembly.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
route.c net: Enable a userns root rtnl calls that are safe for unprivilged users 2012-11-18 20:33:36 -05:00
sit.c ip6tnl/sit: drop packet if ECN present with not-ECT 2012-11-28 11:37:11 -05:00
syncookies.c tcp: better retrans tracking for defer-accept 2012-11-03 14:45:00 -04:00
sysctl_net_ipv6.c net: Enable some sysctls that are safe for the userns root 2012-11-18 20:33:00 -05:00
tcp_ipv6.c ipv6: adapt connect for repair move 2012-11-22 15:30:14 -05:00
tcpv6_offload.c net: Remove code duplication between offload structures 2012-11-15 17:39:51 -05:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h
udp_offload.c ipv6: Fix build error with udp_offload 2012-11-15 22:48:32 -05:00
udp.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c xfrm6: Remove commented out function call to xfrm6_input_fini 2012-11-16 08:07:56 +01:00
xfrm6_state.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
xfrm6_tunnel.c net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00