FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-12 04:19:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/net/ipv4
History
lucien cc4998febd netfilter: ipt_rpfilter: remove the nh_scope test in rpfilter_lookup_reverse 
--accept-local  option works for res.type == RTN_LOCAL, which should be
from the local table, but there, the fib_info's nh->nh_scope =
RT_SCOPE_NOWHERE ( > RT_SCOPE_HOST). in fib_create_info().

	if (cfg->fc_scope == RT_SCOPE_HOST) {
		struct fib_nh *nh = fi->fib_nh;

		/* Local address is added. */
		if (nhs != 1 || nh->nh_gw)
			goto err_inval;
		nh->nh_scope = RT_SCOPE_NOWHERE;   <===
		nh->nh_dev = dev_get_by_index(net, fi->fib_nh->nh_oif);
		err = -ENODEV;
		if (!nh->nh_dev)
			goto failure;

but in our rpfilter_lookup_reverse():

	if (dev_match || flags & XT_RPFILTER_LOOSE)
		return FIB_RES_NH(res).nh_scope <= RT_SCOPE_HOST;

if nh->nh_scope > RT_SCOPE_HOST, it will fail. --accept-local option
will never be passed.

it seems the test is bogus and can be removed to fix this issue.

	if (dev_match || flags & XT_RPFILTER_LOOSE)
		return FIB_RES_NH(res).nh_scope <= RT_SCOPE_HOST;

ipv6 does not have this issue.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-10-12 17:27:48 +02:00
..
netfilter
netfilter: ipt_rpfilter: remove the nh_scope test in rpfilter_lookup_reverse
2015-10-12 17:27:48 +02:00
af_inet.c
net: Make table id type u32
2015-09-01 14:32:44 -07:00
ah4.c
ah4: Fix error return in ah_input().
2015-08-25 13:38:50 -07:00
arp.c
ipv4: send arp replies to the correct tunnel
2015-09-24 14:31:36 -07:00
cipso_ipv4.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
datagram.c
net: Set sk_txhash from a random number
2015-07-29 22:44:04 -07:00
devinet.c
net/ipv4: suppress NETDEV_UP notification on address lifetime update
2015-07-28 23:38:13 -07:00
esp4.c
esp4: Switch to new AEAD interface
2015-05-28 11:23:20 +08:00
fib_frontend.c
net: Initialize flow flags in input path
2015-09-29 21:52:32 -07:00
fib_lookup.h
ipv4: consider TOS in fib_select_default
2015-07-24 22:46:11 -07:00
fib_rules.c
net: ipv6: use common fib_default_rule_pref
2015-09-09 14:19:50 -07:00
fib_semantics.c
net: Make table id type u32
2015-09-01 14:32:44 -07:00
fib_trie.c
net: Fix vti use case with oif in dst lookups
2015-09-17 16:36:34 -07:00
fou.c
fou: reject IPv6 config
2015-08-29 13:07:54 -07:00
gre_demux.c
gre: Remove support for sharing GRE protocol hook.
2015-08-10 14:03:54 -07:00
gre_offload.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
icmp.c
net: Fix panic in icmp_route_lookup
2015-09-25 21:44:02 -07:00
igmp.c
IGMP: Inhibit reports for local multicast groups
2015-08-28 13:28:47 -07:00
inet_connection_sock.c
inet: fix races in reqsk_queue_hash_req()
2015-09-21 16:32:29 -07:00
inet_diag.c
net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets
2015-07-10 23:25:24 -07:00
inet_fragment.c
inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test
2015-07-26 21:00:15 -07:00
inet_hashtables.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-07-23 00:41:16 -07:00
inet_lro.c
lro: remove dead code
2013-12-29 16:34:25 -05:00
inet_timewait_sock.c
tcp/dccp: fix timewait races in timer handling
2015-09-21 16:32:29 -07:00
inetpeer.c
net: Add helper function to compare inetpeer addresses
2015-08-28 13:32:36 -07:00
ip_forward.c
ip: reject too-big defragmented DF-skb when forwarding
2015-05-25 00:08:48 -04:00
ip_fragment.c
net: Add support for VRFs to inetpeer cache
2015-08-28 13:32:36 -07:00
ip_gre.c
ip_tunnels: record IP version in tunnel info
2015-08-29 13:07:54 -07:00
ip_input.c
dst: Metadata destinations
2015-07-21 10:39:05 -07:00
ip_options.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
ip_output.c
net: Use VRF index for oif in ip_send_unicast_reply
2015-08-13 22:43:21 -07:00
ip_sockglue.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-06-24 02:58:51 -07:00
ip_tunnel_core.c
lwtunnel: remove source and destination UDP port config option
2015-09-24 14:31:37 -07:00
ip_tunnel.c
ip_gre: Add support to collect tunnel metadata.
2015-08-10 14:03:54 -07:00
ip_vti.c
ip_vti/ip6_vti: Preserve skb->mark after rcv_cb call
2015-05-28 06:23:32 +02:00
ipcomp.c
ipv4: coding style: comparison for equality with NULL
2015-04-03 12:11:15 -04:00
ipconfig.c
net: ipv4: increase dhcp inter device timeout
2015-08-12 16:40:22 -07:00
ipip.c
ip_gre: Add support to collect tunnel metadata.
2015-08-10 14:03:54 -07:00
ipmr.c
net: ipv6: use common fib_default_rule_pref
2015-09-09 14:19:50 -07:00
Kconfig
geneve: Consolidate Geneve functionality in single module.
2015-08-27 15:42:48 -07:00
Makefile
geneve: Consolidate Geneve functionality in single module.
2015-08-27 15:42:48 -07:00
netfilter.c
netfilter: don't use module_init/exit in core IPV4 code
2015-06-16 14:12:34 -04:00
ping.c
ipv6: Nonlocal bind
2015-07-09 21:09:10 -07:00
proc.c
net: track success and failure of TCP PMTU probing
2015-07-21 22:36:33 -07:00
protocol.c
net: Export inet_offloads and inet6_offloads
2014-09-19 17:15:31 -04:00
raw.c
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2015-04-13 18:18:05 -04:00
route.c
net: Initialize flow flags in input path
2015-09-29 21:52:32 -07:00
syncookies.c
tcp: get_cookie_sock() consolidation
2015-06-07 15:19:52 -07:00
sysctl_net_ipv4.c
IGMP: Inhibit reports for local multicast groups
2015-08-28 13:28:47 -07:00
tcp_bic.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_cdg.c
tcp: do not slow start when cwnd equals ssthresh
2015-07-09 14:22:52 -07:00
tcp_cong.c
tcp: use dctcp if enabled on the route to the initiator
2015-08-31 12:34:00 -07:00
tcp_cubic.c
tcp_cubic: do not set epoch_start in the future
2015-09-17 22:35:07 -07:00
tcp_dctcp.c
net: tcp: dctcp_update_alpha() fixes.
2015-06-10 23:28:33 -07:00
tcp_diag.c
sock_diag: implement a get_info handler for inet
2015-06-15 19:49:22 -07:00
tcp_fastopen.c
tcp: Do not call tcp_fastopen_reset_cipher from interrupt context
2015-06-23 02:38:10 -07:00
tcp_highspeed.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_htcp.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_hybla.c
tcp: do not slow start when cwnd equals ssthresh
2015-07-09 14:22:52 -07:00
tcp_illinois.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_input.c
tcp: use dctcp if enabled on the route to the initiator
2015-08-31 12:34:00 -07:00
tcp_ipv4.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-08-13 16:23:11 -07:00
tcp_lp.c
tcp: remove in_flight parameter from cong_avoid() methods
2014-05-03 19:23:07 -04:00
tcp_memcontrol.c
memcg: cleanup static keys decrement
2015-02-12 18:54:10 -08:00
tcp_metrics.c
net: Add helper function to compare inetpeer addresses
2015-08-28 13:32:36 -07:00
tcp_minisocks.c
tcp/dccp: fix timewait races in timer handling
2015-09-21 16:32:29 -07:00
tcp_offload.c
tcp: reserve tcp_skb_mss() to tcp stack
2015-06-11 16:33:10 -07:00
tcp_output.c
tcp: add proper TS val into RST packets
2015-09-23 14:24:07 -07:00
tcp_probe.c
tcp: whitespace fixes
2014-09-01 18:12:45 -07:00
tcp_scalable.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_timer.c
tcp: do not export tcp_init_xmit_timers()
2015-07-09 21:44:38 -07:00
tcp_vegas.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_vegas.h
tcp: prepare CC get_info() access from getsockopt()
2015-04-29 17:10:38 -04:00
tcp_veno.c
tcp: add tcp_in_slow_start helper
2015-07-09 14:22:52 -07:00
tcp_westwood.c
tcp_westwood: fix tcp_westwood_info()
2015-05-05 19:50:09 -04:00
tcp_yeah.c
tcp: stretch ACK fixes prep
2015-01-28 22:18:37 -08:00
tcp.c
tcp: fix slow start after idle vs TSO/GSO
2015-08-25 11:22:50 -07:00
tunnel4.c
udp_diag.c
sock_diag: specify info_size per inet protocol
2015-06-15 19:49:22 -07:00
udp_impl.h
net: Remove iocb argument from sendmsg and recvmsg
2015-03-02 13:06:31 -05:00
udp_offload.c
ipv4: coding style: comparison for inequality with NULL
2015-04-03 12:11:15 -04:00
udp_tunnel.c
tunnel: introduce udp_tun_rx_dst()
2015-08-27 15:42:47 -07:00
udp.c
net: Fix vti use case with oif in dst lookups
2015-09-17 16:36:34 -07:00
udplite.c
net: Eliminate no_check from protosw
2014-05-23 16:28:53 -04:00
xfrm4_input.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
xfrm4_mode_beet.c
ipv4: ERROR: code indent should use tabs where possible
2013-12-26 13:43:21 -05:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
ipv4: hash net ptr into fragmentation bucket selection
2015-03-25 14:07:04 -04:00
xfrm4_output.c
netfilter: Pass socket pointer down through okfn().
2015-04-07 15:25:55 -04:00
xfrm4_policy.c
net: Fix vti use case with oif in dst lookups
2015-09-17 16:36:34 -07:00
xfrm4_protocol.c
xfrm4: Remove duplicate semicolon
2014-06-30 07:49:47 +02:00
xfrm4_state.c
inet: make no_pmtu_disc per namespace and kill ipv4_config
2013-12-18 16:58:20 -05:00
xfrm4_tunnel.c
sit: add IPv4 over IPv4 support
2013-05-31 17:19:05 -07:00