kernel-hacking-2024-linux-s.../net/ipv4
Patrick McHardy ee68cea2c2 [NETFILTER]: Fix xfrm lookup after SNAT
To find out if a packet needs to be handled by IPsec after SNAT, packets
are currently rerouted in POST_ROUTING and a new xfrm lookup is done. This
breaks SNAT of non-unicast packets to non-local addresses because the
packet is routed as an incoming packet and no neighbour entry is bound to the
dst_entry. In general, it seems to be a bad idea to replace the dst_entry
after the packet was already sent to the output routine because its state
might not match what's expected.

This patch changes the xfrm lookup in POST_ROUTING to re-use the original
dst_entry without routing the packet again. This means no policy routing
can be used for transport mode transforms (which keep the original route)
when packets are SNATed to match the policy, but it looks like the best
we can do for now.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-15 01:34:23 -08:00
ipvs [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
netfilter [NETFILTER]: Fix xfrm lookup after SNAT 2006-02-15 01:34:23 -08:00
af_inet.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ah4.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
arp.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
datagram.c
devinet.c [NETLINK]: illegal use of pid in rtnetlink 2006-02-09 16:43:41 -08:00
esp4.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
fib_frontend.c x86: Work around compiler code generation bug with -Os 2006-01-14 22:08:28 -08:00
fib_hash.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
fib_lookup.h
fib_rules.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
fib_semantics.c [NETLINK]: illegal use of pid in rtnetlink 2006-02-09 16:43:41 -08:00
fib_trie.c [IPV4] fib_trie: build fix 2006-01-03 14:38:34 -08:00
icmp.c [IPV4] ICMP: Invert default for invalid icmp msgs sysctl 2006-02-13 15:36:21 -08:00
igmp.c [PATCH] ipv4 NULL noise removal 2006-02-07 20:57:37 -05:00
inet_connection_sock.c
inet_diag.c [INET_DIAG]: Introduce sk_diag_fill 2006-01-09 14:56:56 -08:00
inet_hashtables.c [INET]: Generalise tcp_v4_hash_connect 2006-01-03 13:10:55 -08:00
inet_timewait_sock.c [TWSK]: Introduce struct timewait_sock_ops 2006-01-03 13:10:54 -08:00
inetpeer.c [NET]: Change some "if (x) BUG();" to "BUG_ON(x);" 2006-01-09 14:16:18 -08:00
ip_forward.c
ip_fragment.c [NET]: Endian-annotate struct iphdr 2006-01-06 13:24:29 -08:00
ip_gre.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ip_input.c [NETFILTER]: Keep conntrack reference until IPsec policy checks are done 2006-01-07 12:57:36 -08:00
ip_options.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ip_output.c [IPV4]: ip_output.c needs xfrm.h 2006-01-09 14:16:28 -08:00
ip_sockglue.c [NET]: Remove more unneeded typecasts on *malloc() 2006-01-11 16:32:14 -08:00
ipcomp.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
ipconfig.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
ipip.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
ipmr.c [PATCH] capable/capability.h (net/) 2006-01-11 18:42:14 -08:00
Kconfig
Makefile [NETFILTER]: net/ipv[46]/netfilter.c cleanups 2006-01-10 12:54:29 -08:00
multipath.c
multipath_drr.c
multipath_random.c
multipath_rr.c
multipath_wrandom.c [IPV4] multipath_wrandom: Fix softirq-unsafe spin lock usage 2006-02-02 16:59:16 -08:00
netfilter.c [NETFILTER]: Fix xfrm lookup after SNAT 2006-02-15 01:34:23 -08:00
proc.c [PATCH] percpu data: only iterate over possible CPUs 2006-02-05 11:06:51 -08:00
protocol.c
raw.c [PATCH] EDAC: atomic scrub operations 2006-01-18 19:20:30 -08:00
route.c [IPV4]: RT_CACHE_STAT_INC() warning fix 2006-01-17 22:46:49 -08:00
syncookies.c
sysctl_net_ipv4.c [INET_SOCK]: Move struct inet_sock & helper functions to net/inet_sock.h 2006-01-03 13:11:21 -08:00
tcp.c [IP_SOCKGLUE]: Remove most of the tcp specific calls 2006-01-03 13:10:58 -08:00
tcp_bic.c
tcp_cong.c [TCP]: less inline's 2006-01-03 16:03:49 -08:00
tcp_cubic.c [TCP] cubic: use Newton-Raphson 2006-01-03 13:11:09 -08:00
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c [TCP] H-TCP: Fix accounting 2006-01-30 20:54:39 -08:00
tcp_hybla.c
tcp_input.c [TCP]: rcvbuf lock when tcp_moderate_rcvbuf enabled 2006-02-09 17:06:57 -08:00
tcp_ipv4.c [NET]: Do not export inet_bind_bucket_create twice. 2006-01-31 17:47:02 -08:00
tcp_minisocks.c
tcp_output.c [TCP]: less inline's 2006-01-03 16:03:49 -08:00
tcp_scalable.c
tcp_timer.c
tcp_vegas.c [TCP] tcp_vegas: Fix slow start 2006-01-04 13:59:32 -08:00
tcp_westwood.c
udp.c [NETFILTER]: Keep conntrack reference until IPsec policy checks are done 2006-01-07 12:57:36 -08:00
xfrm4_input.c [IPV4/6]: Netfilter IPsec input hooks 2006-01-07 12:57:31 -08:00
xfrm4_output.c [NETFILTER]: Redo policy lookups after NAT when neccessary 2006-01-07 12:57:35 -08:00
xfrm4_policy.c [PATCH] remove bogus asm/bug.h includes. 2006-02-07 20:56:35 -05:00
xfrm4_state.c [XFRM]: IPsec tunnel wildcard address support 2006-01-13 14:34:36 -08:00
xfrm4_tunnel.c