leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
097f95d319
linux/net
History
Tan Hu 097f95d319 netfilter: masquerade: don't flush all conntracks if only one address deleted on device 
We configured iptables as below, which only allowed incoming data on
established connections:

iptables -t mangle -A PREROUTING -m state --state ESTABLISHED -j ACCEPT
iptables -t mangle -P PREROUTING DROP

When deleting a secondary address, current masquerade implements would
flush all conntracks on this device. All the established connections on
primary address also be deleted, then subsequent incoming data on the
connections would be dropped wrongly because it was identified as NEW
connection.

So when an address was delete, it should only flush connections related
with the address.

Signed-off-by: Tan Hu <tan.hu@zte.com.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-09-28 14:28:26 +02:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p Pull request for inclusion in 4.19, take two 2018-08-17 17:27:58 -07:00
802
8021q net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
appletalk
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
ax25 ax25: remove blank line at EOF 2018-07-24 14:10:42 -07:00
batman-adv Merge ra.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux 2018-07-20 21:17:12 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
bridge net: bridge: add support for sticky fdb entries 2018-09-12 20:30:03 -07:00
caif net: simplify sock_poll_wait 2018-07-30 09:10:25 -07:00
can
ceph crush: fix using plain integer as NULL warning 2018-08-13 17:55:44 +02:00
core pktgen: Fix fall-through annotation 2018-09-13 15:36:41 -07:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-08-09 11:52:36 -07:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
dsa net: dsa: Add Lantiq / Intel GSWIP tag support 2018-09-13 08:14:33 -07:00
ethernet
hsr
ieee802154 net: Add and use skb_mark_not_on_list(). 2018-09-10 10:06:54 -07:00
ife
ipv4 netfilter: masquerade: don't flush all conntracks if only one address deleted on device 2018-09-28 14:28:26 +02:00
ipv6 netfilter: masquerade: don't flush all conntracks if only one address deleted on device 2018-09-28 14:28:26 +02:00
iucv net/iucv: declare iucv_path_table_empty() as static 2018-09-05 22:32:22 -07:00
kcm net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2018-07-27 09:33:37 -07:00
l2tp l2tp: fix unused function warning 2018-08-13 20:45:49 -07:00
l3mdev
lapb
llc llc: avoid blocking in llc_sap_close() 2018-09-13 09:04:58 -07:00
mac80211 mac80211: Don't access sk_queue_head->next directly. 2018-09-10 10:06:53 -07:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls mpls: remove trailing whitepace 2018-07-24 14:10:42 -07:00
ncsi net/ncsi: remove duplicated include from ncsi-netlink.c 2018-08-29 19:10:40 -07:00
netfilter netfilter: ctnetlink: must check mark attributes vs NULL 2018-09-21 10:14:46 +02:00
netlabel
netlink netlink: remove hash::nelems check in netlink_insert 2018-09-12 00:08:44 -07:00
netrom
nfc net: simplify sock_poll_wait 2018-07-30 09:10:25 -07:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch netfilter: conntrack: pass nf_hook_state to packet and error handlers 2018-09-20 17:54:37 +02:00
packet packet: add sockopt to ignore outgoing packets 2018-09-05 22:09:37 -07:00
phonet
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-09-12 22:22:42 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-09-04 21:33:03 -07:00
rose
rxrpc net: Add and use skb_mark_not_on_list(). 2018-09-10 10:06:54 -07:00
sched net/sched: act_police: don't use spinlock in the data path 2018-09-16 15:30:22 -07:00
sctp sctp: Use skb_queue_is_first(). 2018-09-10 10:06:53 -07:00
smc RDMA/smc: Replace ib_query_gid with rdma_get_gid_attr 2018-08-17 16:45:51 -06:00
strparser strparser: remove redundant variable 'rd_desc' 2018-08-01 10:00:06 -07:00
sunrpc NFS client updates for Linux 4.19 2018-08-23 16:03:58 -07:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-09-12 22:22:42 -07:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-09-12 22:22:42 -07:00
unix af_unix: ensure POLLOUT on remote close() for connected dgram socket 2018-08-03 16:44:19 -07:00
vmw_vsock vsock: split dwork to avoid reinitializations 2018-08-07 12:39:13 -07:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless cfg80211: validate wmm rule when setting 2018-09-05 10:16:59 +02:00
x25 x25: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
xdp xsk: i40e: get rid of useless struct xdp_umem_props 2018-09-01 01:38:16 +02:00
xfrm net: Add and use skb_mark_not_on_list(). 2018-09-10 10:06:54 -07:00
compat.c net: avoid unnecessary sock_flag() check when enable timestamp 2018-08-06 10:42:48 -07:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-08-15 15:04:25 -07:00
sysctl_net.c