kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net/ipv4/netfilter
History
Jozsef Kadlecsik 8430eac2f6 netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently 
IPv6 conntrack marked invalid packets as INVALID and let the user
drop those by an explicit rule, while IPv4 conntrack dropped such
packets itself.

IPv4 conntrack is changed so that it marks INVALID packets and let
the user to drop them.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-04-10 00:38:34 +02:00
..
arp_tables.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2011-04-19 11:24:06 -07:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_queue.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
ip_tables.c netfilter: ip_tables: fix compile with debug 2011-06-16 17:16:37 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
ipt_NETMAP.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
ipt_REDIRECT.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
ipt_REJECT.c netfilter: Fix ip_route_me_harder triggering ip_rt_bug 2011-06-29 05:47:32 -07:00
ipt_rpfilter.c netfilter: add ipv4 reverse path filter match 2011-12-04 22:43:37 +01:00
ipt_ULOG.c module_param: make bool parameters really bool (net & drivers/net) 2011-12-19 22:27:29 -05:00
iptable_filter.c netfilter: remove forward module param confusion. 2012-03-22 22:36:17 -04:00
iptable_mangle.c netfilter: do not omit re-route check on NF_QUEUE verdict 2011-01-20 10:23:26 +01:00
iptable_raw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iptable_security.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig netfilter: merge ipt_LOG and ip6_LOG into xt_LOG 2012-03-07 17:40:49 +01:00
Makefile netfilter: merge ipt_LOG and ip6_LOG into xt_LOG 2012-03-07 17:40:49 +01:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently 2012-04-10 00:38:34 +02:00
nf_conntrack_l3proto_ipv4_compat.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
nf_conntrack_proto_icmp.c netfilter: add cttimeout infrastructure for fine timeout tuning 2012-03-07 17:41:22 +01:00
nf_defrag_ipv4.c ip: introduce ip_is_fragment helper inline function 2011-06-21 20:33:34 -07:00
nf_nat_amanda.c rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER 2011-08-02 04:29:23 -07:00
nf_nat_core.c netfilter: ctnetlink: allow to set expectfn for expectations 2012-03-07 17:40:46 +01:00
nf_nat_ftp.c rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER 2011-08-02 04:29:23 -07:00
nf_nat_h323.c netfilter: ctnetlink: allow to set expectfn for expectations 2012-03-07 17:40:46 +01:00
nf_nat_helper.c netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet() 2011-12-23 14:36:46 +01:00
nf_nat_irc.c rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER 2011-08-02 04:29:23 -07:00
nf_nat_pptp.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat_proto_common.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_dccp.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_gre.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_icmp.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_sctp.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_tcp.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_udp.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_udplite.c netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_proto_unknown.c netfilter: nat: remove module reference counting from NAT protocols 2011-12-23 14:36:45 +01:00
nf_nat_rule.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat_sip.c netfilter: ctnetlink: allow to set expectfn for expectations 2012-03-07 17:40:46 +01:00
nf_nat_snmp_basic.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
nf_nat_standalone.c netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat_tftp.c rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER 2011-08-02 04:29:23 -07:00