leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
681f130f39
linux/include
History
Eric Dumazet 681f130f39 netfilter: xt_socket: add XT_SOCKET_NOWILDCARD flag 
xt_socket module can be a nice replacement to conntrack module
in some cases (SYN filtering for example)

But it lacks the ability to match the 3rd packet of TCP
handshake (ACK coming from the client).

Add a XT_SOCKET_NOWILDCARD flag to disable the wildcard mechanism.

The wildcard is the legacy socket match behavior, that ignores
LISTEN sockets bound to INADDR_ANY (or ipv6 equivalent)

iptables -I INPUT -p tcp --syn -j SYN_CHAIN
iptables -I INPUT -m socket --nowildcard -j ACCEPT

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2013-06-20 20:28:49 +02:00
..
acpi ACPI / PM: Allow device power states to be used for CONFIG_PM unset 2013-05-22 00:19:28 +02:00
asm-generic Merge branch 'fixes' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-06-11 11:16:43 -07:00
clocksource ARM: late Exynos multiplatform changes 2013-05-07 11:28:42 -07:00
crypto
drm Merge branch 'drm-radeon-sun-hainan' of git://people.freedesktop.org/~airlied/linux 2013-05-21 08:50:57 -07:00
dt-bindings
keys
linux Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-19 16:49:39 -07:00
math-emu
media Merge branch 'topic/omap3isp' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2013-05-01 09:57:04 -07:00
memory
misc
net ndisc: Convert use of typedef ctl_table to struct ctl_table 2013-06-19 23:18:07 -07:00
pcmcia
ras
rdma
rxrpc
scsi Merge branch 'postmerge' into for-linus 2013-05-10 07:54:01 -07:00
sound ASoC: dapm: Treat DAI widgets like AIF widgets for power 2013-06-07 15:54:50 +01:00
target target: Propigate up ->cmd_kref put return via transport_generic_free_cmd 2013-05-31 01:21:23 -07:00
trace Fixed regressions (two stability regressions and a performance 2013-05-14 09:30:54 -07:00
uapi netfilter: xt_socket: add XT_SOCKET_NOWILDCARD flag 2013-06-20 20:28:49 +02:00
video Merge branch 'fbdev-3.10-fixes' of git://gitorious.org/linux-omap-dss2/linux into linux-fbdev/for-3.10-fixes 2013-05-29 17:00:34 +08:00
xen Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-06-05 16:37:30 -07:00
Kbuild UAPI: remove empty Kbuild files 2013-04-30 17:04:09 -07:00