linux/net/core
Patrick McHardy 124dff01af netfilter: don't reset nf_trace in nf_reset()
Commit 130549fe ("netfilter: reset nf_trace in nf_reset") added code
to reset nf_trace in nf_reset(). This is wrong and unnecessary.

nf_reset() is used in the following cases:

- when passing packets up the the socket layer, at which point we want to
  release all netfilter references that might keep modules pinned while
  the packet is queued. nf_trace doesn't matter anymore at this point.

- when encapsulating or decapsulating IPsec packets. We want to continue
  tracing these packets after IPsec processing.

- when passing packets through virtual network devices. Only devices on
  that encapsulate in IPv4/v6 matter since otherwise nf_trace is not
  used anymore. Its not entirely clear whether those packets should
  be traced after that, however we've always done that.

- when passing packets through virtual network devices that make the
  packet cross network namespace boundaries. This is the only cases
  where we clearly want to reset nf_trace and is also what the
  original patch intended to fix.

Add a new function nf_reset_trace() and use it in dev_forward_skb() to
fix this properly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-04-05 15:38:10 -04:00
..
datagram.c net: fix infinite loop in __skb_recv_datagram() 2013-02-12 16:07:19 -05:00
dev_addr_lists.c net: count hw_addr syncs so that unsync works properly. 2013-04-05 00:18:46 -04:00
dev_ioctl.c net: move ioctl functions into a separated file 2013-02-18 12:27:32 -05:00
dev.c netfilter: don't reset nf_trace in nf_reset() 2013-04-05 15:38:10 -04:00
drop_monitor.c
dst.c ipv6: fix race condition regarding dst->expires and dst->from. 2013-02-20 15:11:45 -05:00
ethtool.c v4 GRE: Add TCP segmentation offload for GRE 2013-02-15 15:17:11 -05:00
fib_rules.c net: Enable a userns root rtnl calls that are safe for unprivilged users 2012-11-18 20:33:36 -05:00
filter.c sk-filter: Add ability to lock a socket filter program 2013-01-17 03:21:25 -05:00
flow_dissector.c flow_keys: include thoff into flow_keys for later usage 2013-03-20 12:14:36 -04:00
flow.c net: fix the use of this_cpu_ptr 2013-03-29 15:13:27 -04:00
gen_estimator.c
gen_stats.c
iovec.c
link_watch.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
Makefile net: move procfs code to net/core/net-procfs.c 2013-02-19 00:51:10 -05:00
neighbour.c net neigh: Optimize neighbor entry size calculation. 2013-01-28 23:17:51 -05:00
net_namespace.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
net-procfs.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
net-sysfs.c net/core: apply pm_runtime_set_memalloc_noio on network devices 2013-02-23 17:50:16 -08:00
net-sysfs.h
net-traces.c
netevent.c
netpoll.c netpoll: fix smatch warnings in netpoll core code 2013-02-13 11:56:46 -05:00
netprio_cgroup.c net: core: Remove unnecessary alloc/OOM messages 2013-02-06 14:58:52 -05:00
pktgen.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
request_sock.c tcp: fix a panic on UP machines in reqsk_fastopen_remove 2013-01-14 18:10:05 -05:00
rtnetlink.c rtnetlink: fix error return code in rtnl_link_fill() 2013-03-27 14:06:40 -04:00
scm.c scm: Require CAP_SYS_ADMIN over the current pidns to spoof pids. 2013-03-17 17:16:16 -07:00
secure_seq.c netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
skbuff.c net: fix a wrong assignment in skb_split() 2013-02-20 15:11:44 -05:00
sock_diag.c sock_diag: Simplify sock_diag_handlers[] handling in __sock_diag_rcv_msg 2013-02-23 13:51:54 -05:00
sock.c sock: only define socket limit if mem cgroup configured 2013-02-22 15:10:19 -05:00
stream.c
sysctl_net_core.c net: avoid to hang up on sending due to sysctl configuration overflow. 2013-01-28 23:15:27 -05:00
timestamping.c
user_dma.c
utils.c net: add doc for in4_pton() 2012-10-12 13:56:52 -04:00