kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net/ipv4/netfilter
History
Julian Anastasov b0aeef3043 nf_nat: restrict ICMP translation for embedded header 
Skip ICMP translation of embedded protocol header
if NAT bits are not set. Needed for IPVS to see the original
embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT
and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs
DNAT for client packets after using nf_conntrack_alter_reply
to expect replies from real server.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
2010-10-21 13:30:02 +02:00
..
arp_tables.c netfilter: xtables: resolve indirect macros 3/3 2010-10-13 18:00:46 +02:00
arpt_mangle.c netfilter: xtables: resolve indirect macros 3/3 2010-10-13 18:00:46 +02:00
arptable_filter.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_queue.c netfilter: ip_queue: rwlock to spinlock conversion 2010-06-09 15:47:41 +02:00
ip_tables.c netfilter: xtables: resolve indirect macros 3/3 2010-10-13 18:00:46 +02:00
ipt_addrtype.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c netfilter: ipt_CLUSTERIP: use proto_ports_offset() to support AH message 2010-08-19 17:16:24 -07:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_ecn.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_LOG.c netfilter: ipt_LOG: add bufferisation to call printk() once 2010-10-04 20:56:05 +02:00
ipt_MASQUERADE.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_NETMAP.c netfilter: nf_nat: support user-specified SNAT rules in LOCAL_IN 2010-06-17 06:12:26 +02:00
ipt_REDIRECT.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_REJECT.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
ipt_ULOG.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
iptable_filter.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
iptable_mangle.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iptable_raw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iptable_security.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig netfilter: fix kconfig unmet dependency warning 2010-10-18 11:13:30 +02:00
Makefile netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv4.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: nf_conntrack: extend with extra stat counter 2010-04-23 12:34:56 +02:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_defrag_ipv4.c net - IP_NODEFRAG option for IPv4 socket 2010-06-23 13:16:38 -07:00
nf_nat_amanda.c netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers 2010-09-22 08:34:12 +02:00
nf_nat_core.c nf_nat: restrict ICMP translation for embedded header 2010-10-21 13:30:02 +02:00
nf_nat_ftp.c netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers 2010-09-22 08:34:12 +02:00
nf_nat_h323.c netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers 2010-09-22 08:34:12 +02:00
nf_nat_helper.c netfilter: nf_nat: add nf_nat_csum() 2010-09-15 19:24:50 +02:00
nf_nat_irc.c netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers 2010-09-22 08:34:12 +02:00
nf_nat_pptp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_nat_proto_common.c netfilter: nf_nat: don't check if the tuple is unique when there isn't any other choice 2010-08-02 17:35:49 +02:00
nf_nat_proto_dccp.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_proto_gre.c netfilter: nf_nat: don't check if the tuple is unique when there isn't any other choice 2010-08-02 17:35:49 +02:00
nf_nat_proto_icmp.c netfilter: nf_nat: don't check if the tuple is unique when there isn't any other choice 2010-08-02 17:35:49 +02:00
nf_nat_proto_sctp.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_proto_tcp.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_proto_udp.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_proto_udplite.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_proto_unknown.c netfilter: nf_nat: make unique_tuple return void 2010-08-02 17:20:54 +02:00
nf_nat_rule.c netfilter: nf_nat: no IP_NAT_RANGE_MAP_IPS flags when alloc_null_binding() 2010-09-16 19:47:51 +02:00
nf_nat_sip.c netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers 2010-09-22 08:34:12 +02:00
nf_nat_snmp_basic.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
nf_nat_standalone.c netfilter: nf_nat: support user-specified SNAT rules in LOCAL_IN 2010-06-17 06:12:26 +02:00
nf_nat_tftp.c netfilter: fix some coding styles and remove moduleparam.h 2010-04-13 11:25:41 +02:00