dect
/
linux-2.6
Archived
13
0
Fork 0
Code Releases Activity
This repository has been archived on 2022-02-17. You can view files and clone it, but cannot push or open issues or pull requests.
linux-2.6/net/netfilter
History
Pablo Neira Ayuso 10db9069eb netfilter: xt_CT: recover NOTRACK target support 
Florian Westphal reported that the removal of the NOTRACK target
(9655050 netfilter: remove xt_NOTRACK) is breaking some existing
setups.

That removal was scheduled for removal since long time ago as
described in Documentation/feature-removal-schedule.txt

What:  xt_NOTRACK
Files: net/netfilter/xt_NOTRACK.c
When:  April 2011
Why:   Superseded by xt_CT

Still, people may have not notice / may have decided to stick to an
old iptables version. I agree with him in that some more conservative
approach by spotting some printk to warn users for some time is less
agressive.

Current iptables 1.4.16.3 already contains the aliasing support
that makes it point to the CT target, so upgrading would fix it.
Still, the policy so far has been to avoid pushing our users to
upgrade.

As a solution, this patch recovers the NOTRACK target inside the CT
target and it now spots a warning.

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2012-12-24 12:55:09 +01:00
..
ipset netfilter: ipset: Increase the number of maximal sets automatically 2012-12-03 14:36:08 +01:00
ipvs Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/jesse/openvswitch 2012-11-30 12:01:30 -05:00
Kconfig netfilter: xt_CT: recover NOTRACK target support 2012-12-24 12:55:09 +01:00
Makefile netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
core.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nf_conntrack_acct.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_amanda.c netfilter: nf_nat: support IPv6 in amanda NAT helper 2012-08-30 03:00:21 +02:00
nf_conntrack_broadcast.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_core.c netfilter: xt_CT: fix crash while destroy ct templates 2012-12-16 23:44:12 +01:00
nf_conntrack_ecache.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_expect.c netfilter: nf_ct_expect: fix possible access to uninitialized timer 2012-08-16 11:49:53 +02:00
nf_conntrack_extend.c netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries 2012-09-24 14:29:40 +02:00
nf_conntrack_h323_asn1.c netfilter: h323: bug in parsing of ASN1 SEQOF field 2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper 2012-10-22 12:21:55 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_irc.c netfilter: nf_nat: support IPv6 in IRC NAT helper 2012-08-30 03:00:23 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: nla_policy updates 2012-12-03 15:13:10 +01:00
nf_conntrack_pptp.c netfilter: nf_nat: add protoff argument to packet mangling functions 2012-08-30 03:00:13 +02:00
nf_conntrack_proto.c netfilter: nf_conntrack: remove unnecessary RTNL locking 2012-08-20 12:46:29 +02:00
nf_conntrack_proto_dccp.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: prepare l4proto->init_net cleanup 2012-06-27 18:31:14 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init 2012-06-27 19:13:31 +02:00
nf_conntrack_proto_tcp.c netfilter: ctnetlink: nla_policy updates 2012-12-03 15:13:10 +01:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_udplite.c netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function 2012-06-27 19:12:52 +02:00
nf_conntrack_sane.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_sip.c netfilter: nf_nat: support IPv6 in SIP NAT helper 2012-08-30 03:00:22 +02:00
nf_conntrack_snmp.c netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_standalone.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_conntrack_tftp.c netfilter: nf_nat: support IPv6 in TFTP NAT helper 2012-08-30 03:00:24 +02:00
nf_conntrack_timeout.c netfilter: nf_ct_ext: add timeout extension 2012-03-07 17:41:25 +01:00
nf_conntrack_timestamp.c net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
nf_internals.h netfilter: pass 'nf_hook_ops' instead of 'list_head' to nf_queue() 2012-09-03 13:52:54 +02:00
nf_log.c various: Fix spelling of "registered" in comments. 2012-11-19 14:29:46 +01:00
nf_nat_amanda.c netfilter: nf_nat: support IPv6 in amanda NAT helper 2012-08-30 03:00:21 +02:00
nf_nat_core.c netfilter: nf_nat: remove obsolete rcu_read_unlock call 2012-09-21 12:09:25 +02:00
nf_nat_ftp.c netfilter: nf_nat: support IPv6 in FTP NAT helper 2012-08-30 03:00:20 +02:00
nf_nat_helper.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_irc.c netfilter: nf_nat: support IPv6 in IRC NAT helper 2012-08-30 03:00:23 +02:00
nf_nat_proto_common.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_dccp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_sctp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_tcp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_udplite.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_proto_unknown.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_sip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-09-03 15:34:51 +02:00
nf_nat_tftp.c netfilter: nf_nat: support IPv6 in TFTP NAT helper 2012-08-30 03:00:24 +02:00
nf_queue.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nf_sockopt.c
nf_tproxy_core.c netfilter: tproxy: do not assign timewait sockets to skb->sk 2011-02-17 11:32:38 +01:00
nfnetlink.c net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
nfnetlink_acct.c netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
nfnetlink_cthelper.c netfilter: nf_ct_ftp: add sequence tracking pickup facility for injected entries 2012-09-24 14:29:40 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix buffer overflow 2012-11-21 23:50:14 +01:00
nfnetlink_log.c netfilter: nfnetlink_log: fix possible compilation issue due to missing include 2012-12-17 01:16:17 +01:00
nfnetlink_queue_core.c netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nfnetlink_queue_ct.c netfilter: nfnetlink_queue: fix sparse warning due to missing include 2012-06-23 02:13:38 +02:00
x_tables.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_AUDIT.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c netfilter: xt_CT: recover NOTRACK target support 2012-12-24 12:55:09 +01:00
xt_DSCP.c netfilter: IPv6: fix DSCP mangle code 2011-05-10 10:00:21 +02:00
xt_HL.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_HMARK.c ipv6: Move ipv6_find_hdr() out of Netfilter code. 2012-11-09 17:05:07 -08:00
xt_IDLETIMER.c netfilter: Remove unnecessary OOM logging messages 2011-11-01 09:19:49 +01:00
xt_LED.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_LOG.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-10-02 11:11:09 -07:00
xt_NETMAP.c netfilter: combine ipt_NETMAP and ip6t_NETMAP 2012-09-21 12:11:08 +02:00
xt_NFLOG.c
xt_NFQUEUE.c netfilter: sparse endian fixes 2012-08-20 12:45:57 +02:00
xt_RATEEST.c net,rcu: Convert call_rcu(xt_rateest_free_rcu) to kfree_rcu() 2011-07-20 14:10:19 -07:00
xt_REDIRECT.c netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
xt_SECMARK.c
xt_TCPMSS.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
xt_TCPOPTSTRIP.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_TEE.c netfilter: xt_TEE: don't use destination address found in header 2012-10-17 11:00:31 +02:00
xt_TPROXY.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xt_TRACE.c
xt_addrtype.c net:netfilter: use IS_ENABLED 2011-12-16 15:49:52 -05:00
xt_cluster.c
xt_comment.c
xt_connbytes.c Merge branch 'nf-next' of git://1984.lsi.us.es/net-next 2011-12-25 02:21:45 -05:00
xt_connlimit.c netfilter: xt_connlimit: remove revision 0 2012-06-07 14:58:39 +02:00
xt_connmark.c
xt_conntrack.c netfilter: revert a2361c8735 2011-05-10 12:13:36 +02:00
xt_cpu.c netfilter: xtables: add missing aliases for autoloading via iptables 2011-01-18 06:33:54 +01:00
xt_dccp.c
xt_devgroup.c netfilter: xtables: add device group match 2011-02-03 00:05:43 +01:00
xt_dscp.c
xt_ecn.c netfilter: xtables: collapse conditions in xt_ecn 2011-12-27 20:45:25 +01:00
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits 2012-05-17 00:56:31 +02:00
xt_helper.c
xt_hl.c netfilter: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
xt_iprange.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-04 14:28:58 -08:00
xt_ipvs.c ipvs: API change to avoid rescan of IPv6 exthdr 2012-09-28 11:34:33 +09:00
xt_length.c
xt_limit.c netfilter: xt_limit: have r->cost != 0 case work 2012-09-26 01:33:16 +02:00
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets 2012-10-15 13:39:12 +02:00
xt_nfacct.c netfilter: xtables: add nfacct match to support extended accounting 2011-12-25 02:43:17 +01:00
xt_osf.c netfilter: sparse endian fixes 2012-08-20 12:45:57 +02:00
xt_owner.c userns: xt_owner: Add basic user namespace support. 2012-08-14 21:55:30 -07:00
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_rateest.c netfilter: xt_rateest: fix xt_rateest_mt_checkentry() 2011-07-29 16:24:46 +02:00
xt_realm.c
xt_recent.c userns xt_recent: Specify the owner/group of ip_list_perms in the initial user namespace 2012-08-14 21:55:29 -07:00
xt_repldata.h
xt_sctp.c
xt_set.c netfilter: ipset: Support to match elements marked with "nomatch" 2012-09-22 22:44:34 +02:00
xt_socket.c netfilter: xt_socket: fix compilation warnings with gcc 4.7 2012-09-03 13:31:39 +02:00
xt_state.c
xt_statistic.c net: Fix files explicitly needing to include module.h 2011-10-31 19:30:28 -04:00
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c netfilter: xt_time: add support to ignore day transition 2012-09-24 14:29:01 +02:00
xt_u32.c