linux/tools/testing
Florian Westphal 878aed8db3 netfilter: nat: force port remap to prevent shadowing well-known ports
If destination port is above 32k and source port below 16k
assume this might cause 'port shadowing' where a 'new' inbound
connection matches an existing one, e.g.

inbound X:41234 -> Y:53 matches existing conntrack entry
        Z:53 -> X:4123, where Z got natted to X.

In this case, new packet is natted to Z:53 which is likely
unwanted.

We avoid the rewrite for connections that originate from local host:
port-shadowing is only possible with forwarded connections.

Also adjust test case.

v3: no need to call tuple_force_port_remap if already in random mode (Phil)

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Phil Sutter <phil@nwl.cc>
Acked-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-12-23 01:07:44 +01:00
cxl              tools/testing/cxl: Introduce a mock memory device + driver              2021-09-21 14:09:34 -07:00
fault-injection
ktest            bootconfig/tracing/ktest: Update ktest example for boot-time tracing    2021-08-16 11:39:51 -04:00
kunit            kunit: tool: fix typecheck errors about loading qemu configs            2021-10-29 13:05:47 -06:00
nvdimm           tools/testing/nvdimm: Fix missing 'fallthrough' warning                 2021-08-11 11:55:54 -07:00
radix-tree       tools: Fix math.h breakage                                              2021-11-30 09:14:42 -08:00
scatterlist      Merge branch 'akpm' (patches from Andrew)                               2021-09-03 10:08:28 -07:00
selftests        netfilter: nat: force port remap to prevent shadowing well-known ports  2021-12-23 01:07:44 +01:00
vsock            vsock_diag_test: remove free_sock_stat() call in test_no_sockets        2021-10-15 17:21:34 -07:00