linux/net/ipv4/netfilter
Florian Westphal f83a7ea207 netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
Alex Efros reported rpfilter module doesn't match following packets:
IN=br.qemu SRC=192.168.2.1 DST=192.168.2.255 [ .. ]
(netfilter bugzilla #814).

Problem is that network stack arranges for the locally generated broadcasts
to appear on the interface they were sent out, so the IFF_LOOPBACK check
doesn't trigger.

As -m rpfilter is restricted to PREROUTING, we can check for existing
rtable instead, it catches locally-generated broad/multicast case, too.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-04-19 00:11:59 +02:00
..
arp_tables.c netfilter: Use IS_ERR_OR_NULL(). 2013-01-22 14:28:29 -05:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_tables.c netfilter: Use IS_ERR_OR_NULL(). 2013-01-22 14:28:29 -05:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: ip6tables: add MASQUERADE target 2012-08-30 03:00:18 +02:00
ipt_REJECT.c netfilter: ip[6]t_REJECT: fix wrong transport header pointer in TCP reset 2012-12-16 23:27:35 +01:00
ipt_rpfilter.c netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too 2013-04-19 00:11:59 +02:00
ipt_ULOG.c net: remove redundant check for timer pending state before del_timer 2013-02-04 13:26:49 -05:00
iptable_filter.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_mangle.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_nat.c netfilter: nf_nat: Also handle non-ESTABLISHED routing changes in MASQUERADE 2012-12-16 23:28:30 +01:00
iptable_raw.c netfilter: remove unnecessary goto statement for error recovery 2012-08-22 19:17:38 +02:00
iptable_security.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
Kconfig netfilter: remove unused "config IP_NF_QUEUE" 2013-03-20 00:11:43 +01:00
Makefile netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
nf_conntrack_l3proto_ipv4_compat.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_defrag_ipv4.c netfilter: ipv4, defrag: switch hook PFs to nfproto 2012-06-07 14:58:42 +02:00
nf_nat_h323.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_pptp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_gre.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_icmp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_snmp_basic.c net: Remove casts to same type 2012-06-04 11:45:11 -04:00