linux-hardened/net/ipv4
Changli Gao b46ffb8545 netfilter: fix ipt_REJECT TCP RST routing for indev == outdev
ip_route_me_harder can't create the route cache when the outdev is the same
with the indev for the skbs without a valid protocol set.

The __mkroute_input function has this check:
        if (skb->protocol != htons(ETH_P_IP)) {
                /* Not IP (i.e. ARP). Do not create route, if it is
                 * invalid for proxy arp. DNAT routes are always valid.
                 *
                 * Proxy arp feature have been extended to allow, ARP
                 * replies back to the same interface, to support
                 * Private VLAN switch technologies. See arp.c.
                 */
                if (out_dev == in_dev &&
                    IN_DEV_PROXY_ARP_PVLAN(in_dev) == 0) {
                        err = -EINVAL;
                        goto cleanup;
                }
        }

This patch gives the new skb a valid protocol to bypass this check. In order
to make ipt_REJECT work with bridges, you also need to enable ip_forward.

This patch also fixes a regression. When we used skb_copy_expand(), we
didn't have this issue stated above, as the protocol was properly set.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-22 13:13:32 -07:00
..
netfilter netfilter: fix ipt_REJECT TCP RST routing for indev == outdev 2010-09-22 13:13:32 -07:00
af_inet.c inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage() 2010-07-12 20:21:46 -07:00
ah4.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
arp.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
cipso_ipv4.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
datagram.c udp: add rehash on connect() 2010-09-08 21:45:01 -07:00
devinet.c arp_notify: allow drivers to explicitly request a notification event. 2010-05-31 00:27:44 -07:00
esp4.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
fib_frontend.c ipv4: Fix reverse path filtering with multipath routing. 2010-09-07 13:57:24 -07:00
fib_hash.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: rtnetlink: decouple rtnetlink address families from real address families 2010-04-26 16:13:54 +02:00
fib_semantics.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
fib_trie.c ipv4: Suppress lockdep-RCU false positive in FIB trie (3) 2010-09-08 14:14:20 -07:00
icmp.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
igmp.c ipv4: force_igmp_version ignored when a IGMPv3 query received 2010-09-13 12:56:51 -07:00
inet_connection_sock.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_diag.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_lro.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
inet_timewait_sock.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
inetpeer.c inetpeer: restore small inet_peer structures 2010-06-16 11:55:39 -07:00
ip_forward.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
ip_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
ip_gre.c ip_gre: CONFIG_IPV6_MODULE support 2010-09-20 10:06:12 -07:00
ip_input.c net: use this_cpu_ptr() 2010-06-28 23:24:29 -07:00
ip_options.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
ip_output.c ip: fix truesize mismatch in ip fragmentation 2010-09-21 15:05:50 -07:00
ip_sockglue.c ipv4: enable getsockopt() for IP_NODEFRAG 2010-09-13 19:57:23 -07:00
ipcomp.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
ipconfig.c ipconfig: send host-name in DHCP requests 2010-06-02 07:05:03 -07:00
ipip.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
ipmr.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
Kconfig ipv4: minor fix about RPF in help of Kconfig 2010-09-01 14:29:36 -07:00
Makefile
netfilter.c Merge branch 'master' of /repos/git/net-next-2.6 2010-06-15 17:31:06 +02:00
proc.c snmp: 64bit ipstats_mib for all arches 2010-06-30 13:31:19 -07:00
protocol.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
raw.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
route.c net: blackhole route should always be recalculated 2010-09-08 14:35:43 -07:00
syncookies.c syncookies: add support for ECN 2010-06-26 22:00:03 -07:00
sysctl_net_ipv4.c net: reserve ports for applications using fixed port numbers 2010-05-15 23:28:40 -07:00
tcp.c tcp: Fix race in tcp_poll 2010-09-20 15:42:05 -07:00
tcp_bic.c
tcp_cong.c net/ipv4: Eliminate kstrdup memory leak 2010-08-27 19:31:56 -07:00
tcp_cubic.c
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c
tcp_htcp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_hybla.c TCP: tcp_hybla: Fix integer overflow in slow start increment 2010-06-02 07:15:48 -07:00
tcp_illinois.c
tcp_input.c tcp: Fix race in tcp_poll 2010-09-20 15:42:05 -07:00
tcp_ipv4.c inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage() 2010-07-12 20:21:46 -07:00
tcp_lp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_minisocks.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
tcp_output.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 18:25:24 -07:00
tcp_probe.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tcp_scalable.c
tcp_timer.c tcp: Combat per-cpu skew in orphan tests. 2010-08-25 02:27:49 -07:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_westwood.c
tcp_yeah.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tunnel4.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
udp.c udp: add rehash on connect() 2010-09-08 21:45:01 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
xfrm4_output.c netfilter: ipv4: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:30 +01:00
xfrm4_policy.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-07 15:59:38 -07:00
xfrm4_state.c xfrm: Allow different selector family in temporary state 2010-09-20 11:11:38 -07:00
xfrm4_tunnel.c