linux/net
Changli Gao b46ffb8545 netfilter: fix ipt_REJECT TCP RST routing for indev == outdev
ip_route_me_harder can't create the route cache when the outdev is the same
with the indev for the skbs whichout a valid protocol set.

__mkroute_input functions has this check:
1998         if (skb->protocol != htons(ETH_P_IP)) {
1999                 /* Not IP (i.e. ARP). Do not create route, if it is
2000                  * invalid for proxy arp. DNAT routes are always valid.
2001                  *
2002                  * Proxy arp feature have been extended to allow, ARP
2003                  * replies back to the same interface, to support
2004                  * Private VLAN switch technologies. See arp.c.
2005                  */
2006                 if (out_dev == in_dev &&
2007                     IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
2008                         err = -EINVAL;
2009                         goto cleanup;
2010                 }
2011         }

This patch gives the new skb a valid protocol to bypass this check. In order
to make ipt_REJECT work with bridges, you also need to enable ip_forward.

This patch also fixes a regression. When we used skb_copy_expand(), we
didn't have this issue stated above, as the protocol was properly set.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-22 13:13:32 -07:00
..
9p fs/9p: destroy fid on failed remove 2010-08-02 14:28:36 -05:00
802 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
8021q vlan: Match underlying dev carrier on vlan add 2010-08-19 00:26:46 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm ppp: make channel_ops const 2010-08-04 21:53:17 -07:00
ax25 ax25: missplaced sock_put(sk) 2010-08-26 15:18:27 -07:00
bluetooth Bluetooth: Fix incorrect setting of remote_tx_win for L2CAP ERTM 2010-08-10 07:59:11 -04:00
bridge bridge: Clear INET control block of SKBs passed into ip_fragment(). 2010-09-01 19:17:34 -07:00
caif net/caif/cfrfml.c: use asm/unaligned.h 2010-08-26 16:11:08 -07:00
can can: add limit for nframes and clean up signed/unsigned variables 2010-08-11 16:12:35 -07:00
core net: use rcu_barrier() in rollback_registered_many 2010-09-14 14:27:29 -07:00
dcb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dccp net: dccp: fix sign bug 2010-07-18 15:07:14 -07:00
decnet net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
dns_resolver DNS: If the DNS server returns an error, allow that to be cached [ver #2] 2010-08-11 17:11:28 +00:00
dsa phylib: available for any speed ethernet 2010-08-11 23:03:50 -07:00
econet econet: fix locking 2010-06-11 18:37:08 -07:00
ethernet Net: ethernet: pe2.c: fix EXPORT_SYMBOL macro code style issue 2010-07-14 18:27:09 -07:00
ieee802154 ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc 2010-05-23 23:11:07 -07:00
ipv4 netfilter: fix ipt_REJECT TCP RST routing for indev == outdev 2010-09-22 13:13:32 -07:00
ipv6 ip: fix truesize mismatch in ip fragmentation 2010-09-21 15:05:50 -07:00
ipx include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
irda irda: off by one 2010-09-07 13:57:22 -07:00
iucv net: use __packed annotation 2010-06-03 03:21:52 -07:00
key pfkey: add severity to printk 2010-05-17 23:23:13 -07:00
l2tp l2tp: test for ethernet header in l2tp_eth_dev_recv() 2010-08-26 13:29:38 -07:00
lapb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
llc net/llc: storing negative error codes in unsigned short 2010-09-16 22:38:23 -07:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-07 14:06:10 -07:00
netfilter netfilter: nf_ct_sip: default to NF_ACCEPT in sip_help_tcp() 2010-09-22 13:13:32 -07:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink netlink: Make NETLINK_USERSOCK work again. 2010-08-31 09:51:37 -07:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet packet_mmap: expose hw packet timestamps to network packet capture utilities 2010-06-02 05:53:56 -07:00
phonet Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
rds rds: fix a leak of kernel memory 2010-08-18 23:40:03 -07:00
rfkill Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
rose rose: Fix signedness issues wrt. digi count. 2010-09-20 15:40:35 -07:00
rxrpc Add a dummy printk function for the maintenance of unused printks 2010-08-12 09:51:35 -07:00
sched sch_atm: Fix potential NULL deref. 2010-09-12 11:56:44 -07:00
sctp sctp: Do not reset the packet during sctp_packet_config(). 2010-09-17 16:47:56 -07:00
sunrpc Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2010-08-18 15:45:23 -07:00
tipc tipc: Reduce footprint by un-inlining tipc_msg_* routines 2010-05-12 23:02:29 -07:00
unix UNIX: Do not loop forever at unix_autobind(). 2010-09-07 13:57:23 -07:00
wanrouter net: autoconvert trivial BKL users to private mutex 2010-07-12 20:21:47 -07:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless wext: fix potential private ioctl memory content leak 2010-09-20 13:41:40 -04:00
x25 X25: Remove bkl in sockopts 2010-05-17 17:39:28 -07:00
xfrm xfrm: Allow different selector family in temporary state 2010-09-20 11:11:38 -07:00
compat.c From abbffa2aa9bd6f8df16d0d0a102af677510d8b9a Mon Sep 17 00:00:00 2001 2010-06-03 20:03:40 -07:00
Kconfig net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS 2010-09-14 21:42:22 -07:00
Makefile DNS: Separate out CIFS DNS Resolver code 2010-08-05 17:17:51 +00:00
nonet.c
socket.c net: support time stamping in phy devices. 2010-07-18 19:15:26 -07:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE