linux-hardened/net/netfilter/ipvs
David Miller 7026b1ddb6 netfilter: Pass socket pointer down through okfn().
On the output paths in particular, we have to sometimes deal with two
socket contexts.  First, and usually skb->sk, is the local socket that
generated the frame.

And second, is potentially the socket used to control a tunneling
socket, such as one the encapsulates using UDP.

We do not want to disassociate skb->sk when encapsulating in order
to fix this, because that would break socket memory accounting.

The most extreme case where this can cause huge problems is an
AF_PACKET socket transmitting over a vxlan device.  We hit code
paths doing checks that assume they are dealing with an ipv4
socket, but are actually operating upon the AF_PACKET one.

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-04-07 15:25:55 -04:00
..
ip_vs_app.c ipvs: do not disable bh for long time 2013-04-02 00:23:58 +02:00
ip_vs_conn.c ipvs: use the new dest addr family field 2014-09-18 08:59:28 +09:00
ip_vs_core.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ip_vs_ctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-03 21:16:48 -05:00
ip_vs_dh.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_est.c ipvs: use 64-bit rates in stats 2015-02-09 16:59:03 +09:00
ip_vs_fo.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_ftp.c ipvs: uninitialized data with IP_VS_IPV6 2014-12-10 17:36:47 +09:00
ip_vs_lblc.c ipvs: address family of LBLC entry depends on svc family 2014-09-16 09:03:38 +09:00
ip_vs_lblcr.c ipvs: address family of LBLCR entry depends on svc family 2014-09-16 09:03:38 +09:00
ip_vs_lc.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_nfct.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-01-06 17:37:45 -05:00
ip_vs_nq.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_pe.c netfilter: Deletion of unnecessary checks before two function calls 2014-11-20 13:08:43 +01:00
ip_vs_pe_sip.c netfilter: push reasm skb through instead of original frag skbs 2013-11-11 00:19:35 -05:00
ip_vs_proto.c ipvs: Trivial changes, use compressed IPv6 address in output 2012-09-28 11:33:52 +09:00
ip_vs_proto_ah_esp.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
ip_vs_proto_sctp.c ipvs: use the new dest addr family field 2014-09-18 08:59:28 +09:00
ip_vs_proto_tcp.c ipvs: use the new dest addr family field 2014-09-18 08:59:28 +09:00
ip_vs_proto_udp.c ipvs: convert services to rcu 2013-04-02 00:23:58 +02:00
ip_vs_rr.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_sched.c netfilter: Deletion of unnecessary checks before two function calls 2014-11-20 13:08:43 +01:00
ip_vs_sed.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_sh.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_sync.c ipv4, ipv6: kill ip_mc_{join, leave}_group and ipv6_sock_mc_{join, drop} 2015-03-18 22:05:09 -04:00
ip_vs_wlc.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_wrr.c ipvs: use correct address family in scheduler logs 2014-09-18 08:59:23 +09:00
ip_vs_xmit.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
Kconfig ipvs: Add simple weighted failover scheduler 2014-09-16 09:03:32 +09:00
Makefile ipvs: Add simple weighted failover scheduler 2014-09-16 09:03:32 +09:00