linux/net/ipv6/netfilter
Dmitry Mishin 74c9c0c17d [NETFILTER]: Fix {ip,ip6,arp}_tables hook validation
Commit 590bdf7fd2 introduced a regression
in match/target hook validation. mark_source_chains builds a bitmask
for each rule representing the hooks it can be reached from, which is
then used by the matches and targets to make sure they are only called
from valid hooks. The patch moved the match/target specific validation
before the mark_source_chains call, at which point the mask is always zero.

This patch returns back to the old order and moves the standard checks
to mark_source_chains. This allows to get rid of a special case for
standard targets as a nice side-effect.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-06 18:39:02 -08:00
..
ip6_queue.c [NETFILTER]: Fix PROC_FS=n warnings 2006-12-02 21:31:34 -08:00
ip6_tables.c [NETFILTER]: Fix {ip,ip6,arp}_tables hook validation 2006-12-06 18:39:02 -08:00
ip6t_ah.c [NETFILTER]: Fix ip6_tables extension header bypass bug 2006-10-24 16:15:10 -07:00
ip6t_eui64.c [IPV6]: Endian fix in net/ipv6/netfilter/ip6t_eui64.c:match(). 2006-05-16 15:24:41 -07:00
ip6t_frag.c [NETFILTER]: Fix ip6_tables extension header bypass bug 2006-10-24 16:15:10 -07:00
ip6t_hbh.c [NETFILTER]: Fix ip6_tables extension header bypass bug 2006-10-24 16:15:10 -07:00
ip6t_hl.c [NETFILTER]: Rename init functions. 2006-03-28 17:02:48 -08:00
ip6t_HL.c [NETFILTER]: ip6t_HL: remove write-only variable 2006-09-22 15:19:55 -07:00
ip6t_ipv6header.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
ip6t_LOG.c [NETFILTER]: x_tables: add NFLOG target 2006-12-02 21:31:31 -08:00
ip6t_owner.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
ip6t_REJECT.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
ip6t_rt.c [NETFILTER]: Fix ip6_tables extension header bypass bug 2006-10-24 16:15:10 -07:00
ip6table_filter.c [NETFILTER]: x_tables: remove unused argument to target functions 2006-09-22 14:55:33 -07:00
ip6table_mangle.c [NET]: Turn nfmark into generic mark 2006-12-02 21:21:38 -08:00
ip6table_raw.c [NETFILTER]: x_tables: remove unused argument to target functions 2006-09-22 14:55:33 -07:00
Kconfig [NETFILTER]: Mark old IPv4-only connection tracking scheduled for removal 2006-12-02 22:11:01 -08:00
Makefile [NETFILTER]: ip6_tables: consolidate dst and hbh matches 2006-09-22 14:55:37 -07:00
nf_conntrack_l3proto_ipv6.c [NETFILTER]: nf_conntrack: move conntrack protocol sysctls to individual modules 2006-12-02 21:31:18 -08:00
nf_conntrack_proto_icmpv6.c [NETFILTER]: nf_conntrack: endian annotations 2006-12-02 22:05:08 -08:00
nf_conntrack_reasm.c [NETFILTER]: nf_conntrack: endian annotations 2006-12-02 22:05:08 -08:00