linux/net/ipv4
Yasuyuki Kozakai 130e7a83d7 [NETFILTER]: nf_conntrack: Don't track locally generated special ICMP error
The conntrack assigned to locally generated ICMP error is usually the one
assigned to the original packet which has caused the error. But if
the original packet is handled as invalid by nf_conntrack, no conntrack
is assigned to the original packet. Then nf_ct_attach() cannot assign
any conntrack to the ICMP error packet. In that case the current
nf_conntrack_icmp assigns appropriate conntrack to it. But the current
code mistakes the direction of the packet. As a result, NAT code mistakes
the address to be mangled.

To fix the bug, this changes nf_conntrack_icmp not to assign conntrack
to such ICMP error. Actually no address is necessary to be mangled
in this case.

Spotted by Jordan Russell.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-14 20:45:41 -07:00
..
ipvs [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
netfilter [NETFILTER]: nf_conntrack: Don't track locally generated special ICMP error 2007-07-14 20:45:41 -07:00
af_inet.c [NET]: IPV6 checksum offloading in network devices 2007-07-10 22:15:52 -07:00
ah4.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
arp.c [IPV4]: Convert IPv4 devconf to an array 2007-06-07 13:39:13 -07:00
cipso_ipv4.c [CIPSO]: Fix several unaligned kernel accesses in the CIPSO engine. 2007-06-08 13:33:10 -07:00
datagram.c [IPV4]: Fix "ipOutNoRoutes" counter error for TCP and UDP 2007-06-03 18:08:50 -07:00
devinet.c [IPV4]: Do not remove idev when addresses are cleared 2007-06-08 13:33:08 -07:00
esp4.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
fib_frontend.c [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
fib_hash.c [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_lookup.h [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
fib_rules.c [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
fib_semantics.c [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
fib_trie.c [RTNETLINK]: Fix sending netlink message when replace route. 2007-05-24 16:36:53 -07:00
icmp.c [ICMP]: Fix icmp_errors_use_inbound_ifaddr sysctl 2007-06-03 18:08:51 -07:00
igmp.c [IPV4]: Convert IPv4 devconf to an array 2007-06-07 13:39:13 -07:00
inet_connection_sock.c [TCP]: Use default 32768-61000 outgoing port range in all cases. 2007-06-03 18:08:43 -07:00
inet_diag.c [NETLINK]: Switch cb_lock spinlock to mutex and allow to override it 2007-04-25 22:29:03 -07:00
inet_hashtables.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
inet_timewait_sock.c [INET_SOCK]: make net/ipv4/inet_timewait_sock.c:__inet_twsk_kill() static 2007-07-14 19:00:59 -07:00
inetpeer.c [IPV4]: Optimize inet_getpeer() 2007-04-25 22:23:49 -07:00
ip_forward.c [NET]: Allow forwarding of ip_summed except CHECKSUM_COMPLETE 2007-04-25 22:28:16 -07:00
ip_fragment.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ip_gre.c [NET]: Avoid copying writable clones in tunnel drivers 2007-07-10 22:19:05 -07:00
ip_input.c [IPV4] SNMP: Support InMcastPkts and InBcastPkts 2007-04-30 00:58:29 -07:00
ip_options.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
ip_output.c [NETFILTER]: x_tables: add TRACE target 2007-07-10 22:17:14 -07:00
ip_sockglue.c [INET]: Add IP(V6)_PMTUDISC_RPOBE 2007-04-25 22:29:10 -07:00
ipcomp.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00
ipconfig.c [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
ipip.c [NET]: Avoid copying writable clones in tunnel drivers 2007-07-10 22:19:05 -07:00
ipmr.c [IPV4]: Restore old behaviour of default config values 2007-06-07 13:39:26 -07:00
Kconfig [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
Makefile [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
netfilter.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
proc.c [IPV4]: Convert IPv4 devconf to an array 2007-06-07 13:39:13 -07:00
protocol.c [IPV4]: align inet_protos[] on SMP 2007-04-25 22:28:20 -07:00
raw.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
route.c [IPV4]: Make ip_tos2prio const. 2007-07-10 22:19:04 -07:00
syncookies.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
sysctl_net_ipv4.c [IPV4]: Convert IPv4 devconf to an array 2007-06-07 13:39:13 -07:00
tcp_bic.c [TCP]: Set initial_ssthresh default to zero in Cubic and BIC. 2007-06-13 01:03:53 -07:00
tcp_cong.c [TCP] slow start: Make comments and code logic clearer. 2007-05-17 14:20:31 -07:00
tcp_cubic.c [TCP]: Set initial_ssthresh default to zero in Cubic and BIC. 2007-06-13 01:03:53 -07:00
tcp_diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_highspeed.c [TCP] Highspeed: Limited slow-start is nowadays in tcp_slow_start 2007-05-03 13:28:35 -07:00
tcp_htcp.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_hybla.c [TCP]: whitespace cleanup 2007-04-25 22:24:13 -07:00
tcp_illinois.c [TCP]: Congestion control API RTT sampling fix 2007-06-15 15:08:43 -07:00
tcp_input.c [TCP]: Fix logic breakage due to DSACK separation 2007-06-15 15:14:04 -07:00
tcp_ipv4.c [TCPv4]: Improve BH latency in /proc/net/tcp 2007-07-10 22:06:20 -07:00
tcp_lp.c [TCP]: Congestion control API RTT sampling fix 2007-06-15 15:08:43 -07:00
tcp_minisocks.c [SK_BUFF]: Introduce tcp_hdr(), remove skb->h.th 2007-04-25 22:25:26 -07:00
tcp_output.c [TCP]: SACK fastpath did override adjusted fackets_out 2007-07-10 22:16:24 -07:00
tcp_probe.c [TCP]: tcp probe add back ssthresh field 2007-07-14 18:57:19 -07:00
tcp_scalable.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
tcp_timer.c [TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer(). 2007-06-07 13:40:08 -07:00
tcp_vegas.c [TCP]: Congestion control API RTT sampling fix 2007-06-15 15:08:43 -07:00
tcp_vegas.h [TCP] TCP YEAH: Use vegas dont copy it. 2007-04-25 22:29:46 -07:00
tcp_veno.c [TCP]: Congestion control API RTT sampling fix 2007-06-15 15:08:43 -07:00
tcp_westwood.c [TCP]: Congestion control API update. 2007-04-25 22:29:45 -07:00
tcp_yeah.c [TCP] TCP YEAH: Use vegas dont copy it. 2007-04-25 22:29:46 -07:00
tcp.c I/OAT: warning fix 2007-07-11 16:10:53 -07:00
tunnel4.c [IPSEC]: Changing API of xfrm4_tunnel_register. 2007-02-13 12:54:47 -08:00
udp_impl.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udp.c [UDP]: Fix length check. 2007-07-10 23:06:43 -07:00
udplite.c [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
xfrm4_input.c [UDP]: Cleanup UDP encapsulation code 2007-07-10 22:16:53 -07:00
xfrm4_mode_beet.c [XFRM]: beet: fix worst case header_len calculation 2007-04-25 22:28:39 -07:00
xfrm4_mode_transport.c [SK_BUFF]: unions of just one member don't get anything done, kill them 2007-04-25 22:26:20 -07:00
xfrm4_mode_tunnel.c [IPSEC]: Fix panic when using inter address familiy IPsec on loopback. 2007-05-31 01:23:28 -07:00
xfrm4_output.c [SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph 2007-04-25 22:25:10 -07:00
xfrm4_policy.c [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
xfrm4_state.c [IPSEC]: exporting xfrm_state_afinfo 2007-02-08 12:39:00 -08:00
xfrm4_tunnel.c [XFRM]: Add module alias for transformation type. 2007-07-10 22:15:43 -07:00