dect/linux-2.6
Archived
14
0
Fork 0
Code Releases Activity
This repository has been archived on 2022-02-17. You can view files and clone it, but cannot push or open issues or pull requests.
linux-2.6/net/ipv6/netfilter
History
Jozsef Kadlecsik 9c13886665 netfilter: ip6table_raw: fix table priority 
The order of the IPv6 raw table is currently reversed, that makes impossible
to use the NOTRACK target in IPv6: for example if someone enters

ip6tables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK

and if we receive fragmented packets then the first fragment will be
untracked and thus skip nf_ct_frag6_gather (and conntrack), while all
subsequent fragments enter nf_ct_frag6_gather and reassembly will never
successfully be finished.

Singed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-03-25 11:17:26 +01:00
..
ip6_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip6_tables.c netfilter: xtables: restore indentation 2010-02-26 17:53:31 +01:00
ip6t_ah.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ip6t_eui64.c netfilter: ip6t_eui: fix read outside array bounds 2009-08-31 15:30:31 +02:00
ip6t_frag.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ip6t_hbh.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
ip6t_ipv6header.c netfilter: ip6t_ipv6header: fix match on packets ending with NEXTHDR_NONE 2009-05-05 15:32:16 +02:00
ip6t_LOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ip6t_mh.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
ip6t_REJECT.c ipv6: drop unused "dev" arg of icmpv6_send() 2010-02-18 14:30:17 -08:00
ip6t_rt.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ip6table_filter.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
ip6table_mangle.c netfilter: iptables: remove unused function arguments 2010-02-15 16:56:51 +01:00
ip6table_raw.c netfilter: ip6table_raw: fix table priority 2010-03-25 11:17:26 +01:00
ip6table_security.c netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
Kconfig netfilter: trivial Kconfig spelling fixes 2009-03-24 13:35:27 -07:00
Makefile netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv6.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_reasm.c netfilter: nf_conntrack_reasm: properly handle packets fragmented into a single fragment 2010-02-19 18:18:37 +01:00