linux/net/ipv4/netfilter
David S. Miller 855404efae Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:

====================
netfilter/IPVS updates for net-next

The following patchset contains Netfilter updates for your net-next tree,
they are:

* Add full port randomization support. Some crazy researchers found a way
  to reconstruct the secure ephemeral ports that are allocated in random mode
  by sending off-path bursts of UDP packets to overrun the socket buffer of
  the DNS resolver to trigger retransmissions, then if the timing for the
  DNS resolution done by a client is larger than usual, then they conclude
  that the port that received the burst of UDP packets is the one that was
  opened. It seems a bit of an aggressive method to me but it seems to work for
  them. As a result, Daniel Borkmann and Hannes Frederic Sowa came up with a
  new NAT mode to fully randomize ports using prandom.

* Add a new classifier to x_tables based on the socket net_cls set via
  cgroups. This includes two patches to prepare the field as requested by
  Zefan Li. Also from Daniel Borkmann.

* Use prandom instead of get_random_bytes in several locations of the
  netfilter code, from Florian Westphal.

* Allow to use the CTA_MARK_MASK in ctnetlink when mangling the conntrack
  mark, also from Florian Westphal.

* Fix compilation warning due to unused variable in IPVS, from Geert
  Uytterhoeven.

* Add support for UID/GID via nfnetlink_queue, from Valentina Giusti.

* Add IPComp extension to x_tables, from Fan Du.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-01-05 20:18:50 -05:00
arp_tables.c netfilter: x_tables: fix ordering of jumpstack allocation and table update 2013-10-22 10:11:29 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: x_tables: fix ordering of jumpstack allocation and table update 2013-10-22 10:11:29 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ipt_REJECT.c netfilter: ip[6]t_REJECT: tcp-reset using wrong MAC source if bridged 2013-08-28 00:13:12 +02:00
ipt_rpfilter.c netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too 2013-04-19 00:11:59 +02:00
ipt_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
ipt_ULOG.c netfilter: ipt_ULOG: fix info leaks 2013-10-02 17:28:36 +02:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
Kconfig netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
Makefile netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: remove dead code 2014-01-03 23:41:37 +01:00
nf_conntrack_proto_icmp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_defrag_ipv4.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_nat_h323.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_icmp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_snmp_basic.c ipv4: fix checkpatch error "space prohibited" 2013-12-26 13:43:21 -05:00
nf_tables_arp.c netfilter: nf_tables: add ARP filtering support 2013-10-14 18:01:03 +02:00
nf_tables_ipv4.c netfilter: nf_tables: remove duplicated include from nf_tables_ipv4.c 2013-11-03 22:36:25 +01:00
nft_chain_nat_ipv4.c netfilter: nf_tables: Add support for IPv6 NAT 2013-10-14 18:00:58 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: add compatibility layer for x_tables 2013-10-14 18:00:04 +02:00
nft_reject_ipv4.c netfilter: nft_reject: fix endianness in dump function 2013-12-12 09:37:39 +01:00